Authentication Bypass Issue in Teltonika Remote Management System
CVE-2023-32347

8.1 HIGH

Key Information:

Vendor: Teltonika
CVE Published: 22 May 2023

What is CVE-2023-32347?

Teltonika's Remote Management System prior to version 4.10.0 is susceptible to an authentication bypass vulnerability. This issue arises because the system relies on device serial numbers and MAC addresses for device identification and authentication. If an attacker gains access to a device's serial number and MAC address, they can impersonate that device. This unauthorized access may allow them to extract sensitive communication credentials, leading to potential arbitrary command execution with root privileges through the management functions associated with the compromised device.

Affected Version(s)

Remote Management System 0 < 4.10.0

CVSS V3.1

Score: 8.1
Severity: HIGH
Confidentiality: Low
Integrity: Low
Availability: Low
Attack Vector: Network
Attack Complexity: High
Privileges Required: None
User Interaction: None
Scope: Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Roni Gavrilov
OTORIO