Skip to main content

Remote Management System

6 CVEs product

Monthly

CVE-2023-32348 MEDIUM This Month

Teltonika’s Remote Management System versions prior to 4.10.0 contain a virtual private network (VPN) hub feature for cross-device communication that uses OpenVPN. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SSRF Remote Management System
NVD
CVSS 3.1
5.8
EPSS
0.5%
CVE-2023-2588 HIGH This Week

Teltonika’s Remote Management System versions prior to 4.10.0 have a feature allowing users to access managed devices’ local secure shell (SSH)/web management services over the cloud proxy. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Remote Management System
NVD
CVSS 3.1
8.8
EPSS
1.1%
CVE-2023-2587 HIGH This Week

Teltonika’s Remote Management System versions prior to 4.10.0 contain a cross-site scripting (XSS) vulnerability in the main page of the web interface. Rated high severity (CVSS 8.3), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

RCE XSS Remote Management System
NVD
CVSS 3.1
8.3
EPSS
0.9%
CVE-2023-2586 CRITICAL Act Now

Teltonika’s Remote Management System versions 4.14.0 is vulnerable to an unauthorized attacker registering previously unregistered devices through the RMS platform. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Authentication Bypass Remote Management System
NVD
CVSS 3.1
9.8
EPSS
1.0%
CVE-2023-32347 CRITICAL Act Now

Teltonika’s Remote Management System versions prior to 4.10.0 use device serial numbers and MAC addresses to identify devices from the user perspective for device claiming and from the device. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Remote Management System
NVD
CVSS 3.1
9.8
EPSS
0.7%
CVE-2023-32346 MEDIUM This Month

Teltonika’s Remote Management System versions prior to 4.10.0 contain a function that allows users to claim their devices. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Remote Management System
NVD
CVSS 3.1
5.3
EPSS
0.5%
EPSS 1% CVSS 5.8
MEDIUM This Month

Teltonika’s Remote Management System versions prior to 4.10.0 contain a virtual private network (VPN) hub feature for cross-device communication that uses OpenVPN. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SSRF Remote Management System
NVD
EPSS 1% CVSS 8.8
HIGH This Week

Teltonika’s Remote Management System versions prior to 4.10.0 have a feature allowing users to access managed devices’ local secure shell (SSH)/web management services over the cloud proxy. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Remote Management System
NVD
EPSS 1% CVSS 8.3
HIGH This Week

Teltonika’s Remote Management System versions prior to 4.10.0 contain a cross-site scripting (XSS) vulnerability in the main page of the web interface. Rated high severity (CVSS 8.3), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

RCE XSS Remote Management System
NVD
EPSS 1% CVSS 9.8
CRITICAL Act Now

Teltonika’s Remote Management System versions 4.14.0 is vulnerable to an unauthorized attacker registering previously unregistered devices through the RMS platform. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Authentication Bypass Remote Management System
NVD
EPSS 1% CVSS 9.8
CRITICAL Act Now

Teltonika’s Remote Management System versions prior to 4.10.0 use device serial numbers and MAC addresses to identify devices from the user perspective for device claiming and from the device. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Remote Management System
NVD
EPSS 1% CVSS 5.3
MEDIUM This Month

Teltonika’s Remote Management System versions prior to 4.10.0 contain a function that allows users to claim their devices. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Remote Management System
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy