PT-2023-20350 · Teltonika · Teltonika's Remote Management System

Noam Moshe +2 · Published 2023-05-22 · Updated 2023-05-31 · CVE-2023-2586

CVSS v3.1: 9.8 (Critical)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Teltonika’s Remote Management System version 4.14.0

Description

The issue allows an unauthorized attacker to register previously unregistered devices through the RMS platform. If the RMS management feature is enabled, an attacker could register a device to themselves, enabling them to perform different operations on the user's devices. This includes remote code execution with root privileges using the Task Manager feature on RMS.

Recommendations

For Teltonika’s Remote Management System version 4.14.0, disable the RMS management feature to prevent unauthorized device registration. As a temporary workaround, consider restricting access to the Task Manager feature on RMS until a patch is available.

Fix

Improper Authentication

Weakness Enumeration

Related Identifiers

CVE-2023-2586

Affected Products

Teltonika's Remote Management System