Lucene search

Teltonika-networks Security Vulnerabilities

cve

CVE-2023-32349

Version 00.07.03.4 and prior of Teltonika’s RUT router firmware contain a packet dump utility that contains proper validation for filter parameters. However, variables for validation checks are stored in an external configuration file. An authenticated attacker could use an exposed UCI...

8.8CVSS

8.5AI Score

0.001EPSS

2023-05-22 04:15 PM

cve

CVE-2023-32350

Versions 00.07.00 through 00.07.03 of Teltonika’s RUT router firmware contain an operating system (OS) command injection vulnerability in a Lua service. An attacker could exploit a parameter in the vulnerable function that calls a user-provided package name by instead providing a package with a...

8.8CVSS

8.8AI Score

0.001EPSS

2023-05-22 04:15 PM

cve

CVE-2020-5788

Relative Path Traversal in Teltonika firmware TRB2_R_00.02.04.3 allows a remote, authenticated attacker to delete arbitrary files on disk via the admin/system/admin/certificates/delete...

6.5CVSS

6.3AI Score

0.002EPSS

2020-10-01 08:15 PM

cve

CVE-2020-5789

Relative Path Traversal in Teltonika firmware TRB2_R_00.02.04.3 allows a remote, authenticated attacker to read the contents of arbitrary files on...

6.5CVSS

6.2AI Score

0.004EPSS

2020-10-01 08:15 PM

cve

CVE-2020-5784

Server-Side Request Forgery in Teltonika firmware TRB2_R_00.02.04.3 allows a low privileged user to cause the application to perform HTTP GET requests to arbitrary...

6.5CVSS

6.4AI Score

0.001EPSS

2020-10-01 08:15 PM

cve

CVE-2020-5785

Insufficient output sanitization in Teltonika firmware TRB2_R_00.02.04.3 allows an unauthenticated attacker to conduct reflected cross-site scripting via a crafted ‘action’ or ‘pkg_name’...

6.1CVSS

5.9AI Score

0.002EPSS

2020-10-01 08:15 PM

cve

CVE-2020-5786

Cross-site request forgery in Teltonika firmware TRB2_R_00.02.04.3 allows a remote attacker to perform sensitive application actions by tricking legitimate users into clicking a crafted...

8.8CVSS

8.4AI Score

0.002EPSS

2020-10-01 08:15 PM

cve

CVE-2020-5787

Relative Path Traversal in Teltonika firmware TRB2_R_00.02.04.3 allows a remote, authenticated attacker to delete arbitrary files on disk via the admin/services/packages/remove...

6.5CVSS

6.3AI Score

0.002EPSS

2020-10-01 08:15 PM

cve

CVE-2020-5773

Improper Access Control in Teltonika firmware TRB2_R_00.02.04.01 allows a low privileged user to perform unauthorized write...

8.8CVSS

8.4AI Score

0.001EPSS

2020-08-03 08:15 PM

cve

CVE-2020-5771

Improper Input Validation in Teltonika firmware TRB2_R_00.02.04.01 allows a remote, authenticated attacker to gain root privileges by uploading a malicious backup...

7.5CVSS

7.5AI Score

0.002EPSS

2020-08-03 08:15 PM

cve

CVE-2020-5770

Cross-site request forgery in Teltonika firmware TRB2_R_00.02.04.01 allows a remote attacker to perform sensitive application actions by tricking legitimate users into clicking a crafted...

8.8CVSS

8.4AI Score

0.002EPSS

2020-08-03 08:15 PM

cve

CVE-2020-5772

Improper Input Validation in Teltonika firmware TRB2_R_00.02.04.01 allows a remote, authenticated attacker to gain root privileges by uploading a malicious package...

7.5CVSS

7.5AI Score

0.002EPSS

2020-08-03 08:15 PM

cve

CVE-2020-5769

Insufficient output sanitization in Teltonika firmware TRB2_R_00.02.02 allows a remote, authenticated attacker to conduct persistent cross-site scripting (XSS) attacks by injecting malicious client-side code into the 'URL/ Host / Connection' form in the 'DATA TO SERVER' configuration...

5.4CVSS

5.1AI Score

0.001EPSS

2020-07-17 10:15 PM