Vulnerabilities > CVE-2018-19878 - Use After Free vulnerability in Teltonika Rut950 Firmware R31.04.89

047910
CVSS 6.8 - MEDIUM
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
SINGLE
Confidentiality impact
NONE
Integrity impact
NONE
Availability impact
COMPLETE
network
low complexity
teltonika
CWE-416

Summary

An issue was discovered on Teltonika RTU950 R_31.04.89 devices. The application allows a user to login without limitation. For every successful login request, the application saves a session. A user can re-login without logging out, causing the application to store the session in memory. Exploitation of this vulnerability will increase memory use and consume free space.

Vulnerable Configurations

Part Description Count
OS
Teltonika
1
Hardware
Teltonika
1

Common Weakness Enumeration (CWE)