10 matches found
CVE-2020-5789
Relative Path Traversal in Teltonika firmware TRB2R00.02.04.3 allows a remote, authenticated attacker to read the contents of arbitrary files on disk...
CVE-2020-5786
Cross-site request forgery in Teltonika firmware TRB2R00.02.04.3 allows a remote attacker to perform sensitive application actions by tricking legitimate users into clicking a crafted link...
CVE-2020-5784
Server-Side Request Forgery in Teltonika firmware TRB2R00.02.04.3 allows a low privileged user to cause the application to perform HTTP GET requests to arbitrary URLs...
CVE-2020-5786
Cross-site request forgery in Teltonika firmware TRB2R00.02.04.3 allows a remote attacker to perform sensitive application actions by tricking legitimate users into clicking a crafted link...
Server side request forgery (ssrf)
Server-Side Request Forgery in Teltonika firmware TRB2R00.02.04.3 allows a low privileged user to cause the application to perform HTTP GET requests to arbitrary URLs...
Cross site request forgery (csrf)
Cross-site request forgery in Teltonika firmware TRB2R00.02.04.3 allows a remote attacker to perform sensitive application actions by tricking legitimate users into clicking a crafted link...
CVE-2020-5788
CVE-2020-5788 affects Teltonika firmware TRB2_R_00.02.04.3 where a relative path traversal in the admin/certificates/delete action allows a remote, authenticated attacker to delete arbitrary files on disk. Root cause: insufficient validation/sanitization of file paths in the delete endpoint. Impa...
CVE-2020-5787
CVE-2020-5787 describes a Relative Path Traversal in Teltonika firmware TRB2_R_00.02.04.3. The vulnerability allows a remote, authenticated attacker to delete arbitrary files on the device’s disk via the admin/services/packages/remove action. Affected software: Teltonika firmware TRB2_R_00.02.04....
CVE-2020-5785
CVE-2020-5785 affects Teltonika firmware TRB2_R_00.02.04.3, with insufficient output sanitization enabling a reflected cross-site scripting attack via crafted parameters action or pkg_name. The vulnerability is listed across multiple sources (NVD, Red Hat, CVE listings) and describes an unauthent...
CVE-2020-5786
CVE-2020-5786: A cross-site request forgery in Teltonika firmware TRB2_R_00.02.04.3 lets a remote attacker trick authenticated users into performing sensitive application actions through a crafted link. The consolidated documents confirm the affected product/firmware version and the CSRF nature o...