Reflected Cross-Site Scripting Vulnerability in Teltonika Firmware
CVE-2020-5785
6.1MEDIUM
What is CVE-2020-5785?
A reflected cross-site scripting vulnerability exists in Teltonika's firmware TRB2_R_00.02.04.3 due to insufficient output sanitization. This flaw allows attackers to craft malicious requests with specific parameters, such as ‘action’ or ‘pkg_name’, enabling them to inject harmful scripts. If exploited, this vulnerability could permit unauthorized users to execute scripts in a victim's browser session, compromising sensitive information and web application integrity.
Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.
Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.
Affected Version(s)
Teltonika Gateway TRB245 TRB2_R_00.02.04.3 firmware
References
CVSS V3.1
Score:
6.1
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Changed
Timeline
Vulnerability published
Vulnerability Reserved