CVE-2023-32347

Name of the Vulnerable Software and Affected Versions Teltonika’s Remote Management System versions prior to 4.10.0

Description The issue concerns the use of device serial numbers and MAC addresses for device identification and authentication. If an attacker obtains the serial number and MAC address of a device, they could authenticate as that device, steal its communication credentials, and potentially enable arbitrary command execution as root. This could be achieved by utilizing management options within newly registered devices.

Recommendations For versions prior to 4.10.0, update to version 4.10.0 or later to resolve the issue. As a temporary workaround, consider restricting access to device management options to minimize the risk of exploitation. Additionally, ensure that device serial numbers and MAC addresses are kept confidential to prevent unauthorized access.