TRB2
by Teltonika
CVEs (9)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2020-5788 |  |  | 0.00 | — | 0.01 |  | Oct 1, 2020 | Relative Path Traversal in Teltonika firmware TRB2_R_00.02.04.3 allows a remote, authenticated attacker to delete arbitrary files on disk via the admin/system/admin/certificates/delete action. |
| CVE-2020-5787 |  |  | 0.00 | — | 0.02 |  | Oct 1, 2020 | Relative Path Traversal in Teltonika firmware TRB2_R_00.02.04.3 allows a remote, authenticated attacker to delete arbitrary files on disk via the admin/services/packages/remove action. |
| CVE-2020-5785 |  |  | 0.00 | — | 0.01 |  | Oct 1, 2020 | Insufficient output sanitization in Teltonika firmware TRB2_R_00.02.04.3 allows an unauthenticated attacker to conduct reflected cross-site scripting via a crafted ‘action’ or ‘pkg_name’ parameter. |
| CVE-2020-5786 |  |  | 0.00 | — | 0.09 |  | Oct 1, 2020 | Cross-site request forgery in Teltonika firmware TRB2_R_00.02.04.3 allows a remote attacker to perform sensitive application actions by tricking legitimate users into clicking a crafted link. |
| CVE-2020-5789 |  |  | 0.00 | — | 0.01 |  | Oct 1, 2020 | Relative Path Traversal in Teltonika firmware TRB2_R_00.02.04.3 allows a remote, authenticated attacker to read the contents of arbitrary files on disk. |
| CVE-2020-5784 |  |  | 0.00 | — | 0.01 |  | Oct 1, 2020 | Server-Side Request Forgery in Teltonika firmware TRB2_R_00.02.04.3 allows a low privileged user to cause the application to perform HTTP GET requests to arbitrary URLs. |
| CVE-2020-5771 |  |  | 0.00 | — | 0.02 |  | Aug 3, 2020 | Improper Input Validation in Teltonika firmware TRB2_R_00.02.04.01 allows a remote, authenticated attacker to gain root privileges by uploading a malicious backup archive. |
| CVE-2020-5772 |  |  | 0.00 | — | 0.01 |  | Aug 3, 2020 | Improper Input Validation in Teltonika firmware TRB2_R_00.02.04.01 allows a remote, authenticated attacker to gain root privileges by uploading a malicious package file. |
| CVE-2020-5769 |  |  | 0.00 | — | 0.01 |  | Jul 17, 2020 | Insufficient output sanitization in Teltonika firmware TRB2_R_00.02.02 allows a remote, authenticated attacker to conduct persistent cross-site scripting (XSS) attacks by injecting malicious client-side code into the 'URL/ Host / Connection' form in the 'DATA TO SERVER'… |