← voltar
CVE-2024-8256

Incorrect Permission Assignment in RutOS based routers and TSWOS based managed switches

CVSS 5.9 MEDIUMEPSS 0.2%CWE-732
Vexday Risk Score
13Baixo
Decisão SSVC (CISA)
Track
Sem sinal de exploração → monitorar
CVSS 5.9EPSS 0.2%KEV nãoPoC Nuclei Metasploit Patch
Ciclo de vida
10 dez 2024Publicada no NVD
Recomendação: Monitorar — sem sinal de exploração no momento.
In Teltonika Networks RUTOS devices, running on versions 7.0 to 7.8 (excluding) and TSWOS devices running on versions 1.0 to 1.3 (excluding), due to incorrect permission handling a vulnerability exists which allows a lower privileged user with default permissions to access critical device resources via the API.
CVSS:4.0/AV:A/AC:L/AT:P/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
Produtos afetados
Teltonika Networks · RUTOSTeltonika Networks · TSWOS

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →
Referências
https://www.deepcove.support/teltonika-responsible-disclosure-proactive-testing-report/