CVE-2023-32348
published 2023-05-22

Priority: P4 33
Severity: medium, 5.8 (CVSS 3.1)
Vector: AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N
EPSS: 0.53% (40.5th percentile)

Teltonika’s Remote Management System versions prior to 4.10.0 contain a virtual private network (VPN) hub feature for cross-device communication that uses OpenVPN. It connects new devices in a manner that allows the new device to communicate with all Teltonika devices connected to the VPN. The OpenVPN server also allows users to route through it. An attacker could route a connection to a remote server through the OpenVPN server, enabling them to scan and access data from other Teltonika devices connected to the VPN.

Affected

1 range

Vendor | Product | Version range | Fixed in
teltonika | remote_management_system | < 4.10.0 | 4.10.0