Vulnerabilities > Teltonika > Remote Management System
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2023-05-22 | CVE-2023-2586 | Improper Authentication vulnerability in Teltonika Remote Management System 4.14.0 Teltonika’s Remote Management System versions 4.14.0 is vulnerable to an unauthorized attacker registering previously unregistered devices through the RMS platform. | 9.8 |
2023-05-22 | CVE-2023-2587 | Cross-site Scripting vulnerability in Teltonika Remote Management System Teltonika’s Remote Management System versions prior to 4.10.0 contain a cross-site scripting (XSS) vulnerability in the main page of the web interface. | 8.3 |
2023-05-22 | CVE-2023-2588 | Inclusion of Web Functionality from an Untrusted Source vulnerability in Teltonika Remote Management System Teltonika’s Remote Management System versions prior to 4.10.0 have a feature allowing users to access managed devices’ local secure shell (SSH)/web management services over the cloud proxy. | 8.8 |
2023-05-22 | CVE-2023-32348 | Server-Side Request Forgery (SSRF) vulnerability in Teltonika Remote Management System Teltonika’s Remote Management System versions prior to 4.10.0 contain a virtual private network (VPN) hub feature for cross-device communication that uses OpenVPN. | 5.8 |
2023-05-22 | CVE-2023-32346 | Response Discrepancy Information Exposure vulnerability in Teltonika Remote Management System Teltonika’s Remote Management System versions prior to 4.10.0 contain a function that allows users to claim their devices. | 5.3 |
2023-05-22 | CVE-2023-32347 | Improper Authentication vulnerability in Teltonika Remote Management System Teltonika’s Remote Management System versions prior to 4.10.0 use device serial numbers and MAC addresses to identify devices from the user perspective for device claiming and from the device perspective for authentication. | 9.8 |