API Access Flaw in Teltonika Devices Due to Permission Misconfigurations
CVE-2024-8256
Key Information
- Vendor
- Teltonika Networks
- Status
- Rutos
- Tswos
- Vendor
- CVE Published:
- 10 December 2024
Summary
A vulnerability has been identified in Teltonika Networks’ RUTOS and TSWOS devices, stemming from incorrect permission handling within their APIs. This flaw allows low-privileged users, who operate under default permission settings, to gain unauthorized access to critical resources on the device. This potential exposure raises significant security concerns, as attackers can exploit this weakness to manipulate device functionalities, leading to data breaches or further exploits. Users of affected Teltonika devices, particularly those running RUTOS versions 7.0 to 7.8 and TSWOS versions 1.0 to 1.3, are strongly advised to apply available security updates to mitigate risks associated with this vulnerability.
Affected Version(s)
RUTOS < 7.8
TSWOS < 1.3
References
Timeline
Vulnerability published
Vulnerability Reserved