CVE-2023-32346
Summary
| CVE | CVE-2023-32346 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2023-05-22 15:15:00 UTC |
| Updated | 2023-05-31 20:17:00 UTC |
| Description | Teltonika’s Remote Management System versions prior to 4.10.0 contain a function that allows users to claim their devices. This function returns information based on whether the serial number of a device has already been claimed, the MAC address of a device has already been claimed, or whether the attempt to claim a device was successful. An attacker could exploit this to create a list of the serial numbers and MAC addresses of all devices cloud-connected to the Remote Management System. |
Risk And Classification
Problem Types: CWE-204
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Application | Teltonika | Remote Management System | All | All | All | All |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| Teltonika Remote Management System and RUT Model Routers | CISA | MISC | www.cisa.gov | |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
There are currently no legacy QID mappings associated with this CVE.