VYPR

TRB2

by Teltonika

CVEs (9)

  • CVE-2020-5788Oct 1, 2020
    risk 0.00cvss epss 0.01

    Relative Path Traversal in Teltonika firmware TRB2_R_00.02.04.3 allows a remote, authenticated attacker to delete arbitrary files on disk via the admin/system/admin/certificates/delete action.

  • CVE-2020-5787Oct 1, 2020
    risk 0.00cvss epss 0.02

    Relative Path Traversal in Teltonika firmware TRB2_R_00.02.04.3 allows a remote, authenticated attacker to delete arbitrary files on disk via the admin/services/packages/remove action.

  • CVE-2020-5785Oct 1, 2020
    risk 0.00cvss epss 0.01

    Insufficient output sanitization in Teltonika firmware TRB2_R_00.02.04.3 allows an unauthenticated attacker to conduct reflected cross-site scripting via a crafted ‘action’ or ‘pkg_name’ parameter.

  • CVE-2020-5786Oct 1, 2020
    risk 0.00cvss epss 0.09

    Cross-site request forgery in Teltonika firmware TRB2_R_00.02.04.3 allows a remote attacker to perform sensitive application actions by tricking legitimate users into clicking a crafted link.

  • CVE-2020-5789Oct 1, 2020
    risk 0.00cvss epss 0.01

    Relative Path Traversal in Teltonika firmware TRB2_R_00.02.04.3 allows a remote, authenticated attacker to read the contents of arbitrary files on disk.

  • CVE-2020-5784Oct 1, 2020
    risk 0.00cvss epss 0.01

    Server-Side Request Forgery in Teltonika firmware TRB2_R_00.02.04.3 allows a low privileged user to cause the application to perform HTTP GET requests to arbitrary URLs.

  • CVE-2020-5771Aug 3, 2020
    risk 0.00cvss epss 0.02

    Improper Input Validation in Teltonika firmware TRB2_R_00.02.04.01 allows a remote, authenticated attacker to gain root privileges by uploading a malicious backup archive.

  • CVE-2020-5772Aug 3, 2020
    risk 0.00cvss epss 0.01

    Improper Input Validation in Teltonika firmware TRB2_R_00.02.04.01 allows a remote, authenticated attacker to gain root privileges by uploading a malicious package file.

  • CVE-2020-5769Jul 17, 2020
    risk 0.00cvss epss 0.01

    Insufficient output sanitization in Teltonika firmware TRB2_R_00.02.02 allows a remote, authenticated attacker to conduct persistent cross-site scripting (XSS) attacks by injecting malicious client-side code into the 'URL/ Host / Connection' form in the 'DATA TO SERVER'…