Session Management Flaw in Teltonika RTU950 from Teltonika
CVE-2018-19878

6.5MEDIUM

Key Information:

Vendor: Teltonika
Status: Rut950 Firmware
Vendor: CVE Published:; 19 June 2019

What is CVE-2018-19878?

A session management flaw has been identified in Teltonika RTU950 devices, enabling users to log in without restrictions. Each successful login retains a session, allowing repeated logins without prior logout and leading to increased memory usage. This flaw may cause excessive memory consumption, potentially impacting device performance and stability.

References

https://www.triadsec.com/CVE-2018-19878.pdf

x_refsource_MISC

https://www.triadsec.com/

x_refsource_MISC

CVSS V3.1

Score:

6.5

Severity:

MEDIUM

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jun 19, 2019
Vulnerability Reserved
Dec 5, 2018