Unrated severityNVD Advisory· Published May 22, 2023· Updated Jan 16, 2025

CVE-2023-2587

Description

Teltonika’s Remote Management System versions prior to 4.10.0 contain a cross-site scripting (XSS) vulnerability in the main page of the web interface. An attacker with the MAC address and serial number of a connected device could send a maliciously crafted JSON file with an HTML object to trigger the vulnerability. This could allow the attacker to execute scripts in the account context and obtain remote code execution on managed devices.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

Teltonika/Remote Management Systemllm-fuzzy2 versions
<4.10.0+ 1 more
- (no CPE)range: <4.10.0
- (no CPE)range: 0

Patches

Vulnerability mechanics

References

www.cisa.gov/news-events/ics-advisories/icsa-23-131-08mitregovernment-resource

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.001
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000