VYPR

Vendor CVEs

Teltonika

All CVEs

29 total · sorted by risk
  • CVE-2017-8116CriJul 3, 2017
    risk 0.64cvss 9.8epss 0.05

    The management interface for the Teltonika RUT9XX routers (aka LuCI) with firmware 00.03.265 and earlier allows remote attackers to execute arbitrary commands with root privileges via shell metacharacters in the username parameter in a login request.

  • CVE-2026-8914HigJun 5, 2026
    risk 0.55cvss epss 0.01

    In Teltonika Networks RUTOS devices, running versions 7.22 through 7.23.2 and TSWOS devices running versions 1.09 through 1.09.1, due to unsafe calls to an eval function in rpc-profile, a vulnerability exists where a lower privileged user could perform command injection as the…

  • CVE-2025-4687HigMay 29, 2025
    risk 0.47cvss epss 0.00

    In Teltonika Networks Remote Management System (RMS), it is possible to perform account pre-hijacking by misusing the invite functionality. If a victim has a pending invite and registers to the platform directly, they are added to the attackers company without their knowledge.…

  • CVE-2024-8256MedDec 10, 2024
    risk 0.38cvss epss 0.00

    In Teltonika Networks RUTOS devices, running on versions 7.0 to 7.8 (excluding) and TSWOS devices running on versions 1.0 to 1.3 (excluding), due to incorrect permission handling a vulnerability exists which allows a lower privileged user with default permissions to access…

  • CVE-2018-17532Oct 15, 2018
    risk 0.06cvss epss 0.71

    Teltonika RUT9XX routers with firmware before 00.04.233 are prone to multiple unauthenticated OS command injection vulnerabilities in autologin.cgi and hotspotlogin.cgi due to insufficient user input sanitization. This allows remote attackers to execute arbitrary commands with…

  • CVE-2023-31728Feb 17, 2024
    risk 0.00cvss epss 0.00

    Teltonika RUT240 devices with firmware before 07.04.2, when bridge mode is used, sometimes make SSH and HTTP services available on the IPv6 WAN interface even though the UI shows that they are only available on the LAN interface.

  • CVE-2024-22727Feb 17, 2024
    risk 0.00cvss epss 0.00

    Teltonika TRB1-series devices with firmware before TRB1_R_00.07.05.2 allow attackers to exploit a firmware vulnerability via Ethernet LAN or USB.

  • CVE-2023-32350May 22, 2023
    risk 0.00cvss epss 0.01

    Versions 00.07.00 through 00.07.03 of Teltonika’s RUT router firmware contain an operating system (OS) command injection vulnerability in a Lua service. An attacker could exploit a parameter in the vulnerable function that calls a user-provided package name by instead…

  • CVE-2023-2588May 22, 2023
    risk 0.00cvss epss 0.01

    Teltonika’s Remote Management System versions prior to 4.10.0 have a feature allowing users to access managed devices’ local secure shell (SSH)/web management services over the cloud proxy. A user can request a web proxy and obtain a URL in the Remote Management System…

  • CVE-2023-2587May 22, 2023
    risk 0.00cvss epss 0.01

    Teltonika’s Remote Management System versions prior to 4.10.0 contain a cross-site scripting (XSS) vulnerability in the main page of the web interface. An attacker with the MAC address and serial number of a connected device could send a maliciously crafted JSON file with an…

  • CVE-2023-2586May 22, 2023
    risk 0.00cvss epss 0.01

    Teltonika’s Remote Management System versions 4.14.0 is vulnerable to an unauthorized attacker registering previously unregistered devices through the RMS platform. If the user has not disabled the "RMS management feature" enabled by default, then an attacker could register…

  • CVE-2023-32348May 22, 2023
    risk 0.00cvss epss 0.01

    Teltonika’s Remote Management System versions prior to 4.10.0 contain a virtual private network (VPN) hub feature for cross-device communication that uses OpenVPN. It connects new devices in a manner that allows the new device to communicate with all Teltonika devices…

  • CVE-2023-32347May 22, 2023
    risk 0.00cvss epss 0.01

    Teltonika’s Remote Management System versions prior to 4.10.0 use device serial numbers and MAC addresses to identify devices from the user perspective for device claiming and from the device perspective for authentication. If an attacker obtained the serial number and MAC…

  • CVE-2023-32346May 22, 2023
    risk 0.00cvss epss 0.01

    Teltonika’s Remote Management System versions prior to 4.10.0 contain a function that allows users to claim their devices. This function returns information based on whether the serial number of a device has already been claimed, the MAC address of a device has already been…

  • CVE-2020-5788Oct 1, 2020
    risk 0.00cvss epss 0.01

    Relative Path Traversal in Teltonika firmware TRB2_R_00.02.04.3 allows a remote, authenticated attacker to delete arbitrary files on disk via the admin/system/admin/certificates/delete action.

  • CVE-2020-5787Oct 1, 2020
    risk 0.00cvss epss 0.02

    Relative Path Traversal in Teltonika firmware TRB2_R_00.02.04.3 allows a remote, authenticated attacker to delete arbitrary files on disk via the admin/services/packages/remove action.

  • CVE-2020-5785Oct 1, 2020
    risk 0.00cvss epss 0.01

    Insufficient output sanitization in Teltonika firmware TRB2_R_00.02.04.3 allows an unauthenticated attacker to conduct reflected cross-site scripting via a crafted ‘action’ or ‘pkg_name’ parameter.

  • CVE-2020-5786Oct 1, 2020
    risk 0.00cvss epss 0.09

    Cross-site request forgery in Teltonika firmware TRB2_R_00.02.04.3 allows a remote attacker to perform sensitive application actions by tricking legitimate users into clicking a crafted link.

  • CVE-2020-5789Oct 1, 2020
    risk 0.00cvss epss 0.01

    Relative Path Traversal in Teltonika firmware TRB2_R_00.02.04.3 allows a remote, authenticated attacker to read the contents of arbitrary files on disk.

  • CVE-2020-5784Oct 1, 2020
    risk 0.00cvss epss 0.01

    Server-Side Request Forgery in Teltonika firmware TRB2_R_00.02.04.3 allows a low privileged user to cause the application to perform HTTP GET requests to arbitrary URLs.

  • CVE-2020-5771Aug 3, 2020
    risk 0.00cvss epss 0.02

    Improper Input Validation in Teltonika firmware TRB2_R_00.02.04.01 allows a remote, authenticated attacker to gain root privileges by uploading a malicious backup archive.

  • CVE-2020-5770Aug 3, 2020
    risk 0.00cvss epss 0.01

    Cross-site request forgery in Teltonika firmware TRB2_R_00.02.04.01 allows a remote attacker to perform sensitive application actions by tricking legitimate users into clicking a crafted link.

  • CVE-2020-5773Aug 3, 2020
    risk 0.00cvss epss 0.01

    Improper Access Control in Teltonika firmware TRB2_R_00.02.04.01 allows a low privileged user to perform unauthorized write operations.

  • CVE-2020-5772Aug 3, 2020
    risk 0.00cvss epss 0.01

    Improper Input Validation in Teltonika firmware TRB2_R_00.02.04.01 allows a remote, authenticated attacker to gain root privileges by uploading a malicious package file.

  • CVE-2020-5769Jul 17, 2020
    risk 0.00cvss epss 0.01

    Insufficient output sanitization in Teltonika firmware TRB2_R_00.02.02 allows a remote, authenticated attacker to conduct persistent cross-site scripting (XSS) attacks by injecting malicious client-side code into the 'URL/ Host / Connection' form in the 'DATA TO SERVER'…

  • CVE-2018-19878Jun 19, 2019
    risk 0.00cvss epss 0.01

    An issue was discovered on Teltonika RTU950 R_31.04.89 devices. The application allows a user to login without limitation. For every successful login request, the application saves a session. A user can re-login without logging out, causing the application to store the session…

  • CVE-2018-19879Mar 28, 2019
    risk 0.00cvss epss 0.01

    An issue was discovered in /cgi-bin/luci on Teltonika RTU9XX (e.g., RUT950) R_31.04.89 before R_00.05.00.5 devices. The authentication functionality is not protected from automated tools used to make login attempts to the application. An anonymous attacker has the ability to…

  • CVE-2018-17533Oct 15, 2018
    risk 0.00cvss epss 0.02

    Teltonika RUT9XX routers with firmware before 00.05.01.1 are prone to cross-site scripting vulnerabilities in hotspotlogin.cgi due to insufficient user input sanitization.

  • CVE-2018-17534Oct 15, 2018
    risk 0.00cvss epss 0.01

    Teltonika RUT9XX routers with firmware before 00.04.233 provide a root terminal on a serial interface without proper access control. This allows attackers with physical access to execute arbitrary commands with root privileges.