API Access Flaw in Teltonika Devices Due to Permission Misconfigurations

CVE-2024-8256

Currently unrated

Key Information

Vendor
Teltonika Networks
Status
Rutos
Tswos
Vendor
CVE Published: 10 December 2024

Summary

A vulnerability has been identified in Teltonika Networks’ RUTOS and TSWOS devices, stemming from incorrect permission handling within their APIs. This flaw allows low-privileged users, who operate under default permission settings, to gain unauthorized access to critical resources on the device. This potential exposure raises significant security concerns, as attackers can exploit this weakness to manipulate device functionalities, leading to data breaches or further exploits. Users of affected Teltonika devices, particularly those running RUTOS versions 7.0 to 7.8 and TSWOS versions 1.0 to 1.3, are strongly advised to apply available security updates to mitigate risks associated with this vulnerability.

Affected Version(s)

RUTOS < 7.8

TSWOS < 1.3

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Collectors

NVD Database, Mitre Database