PT-2023-23739 · Teltonika · Sygate Remote Management
Claroty +2 · Published 2023-05-22 · Updated 2023-05-31
CVE-2023-32346
CVSS v3.1: 5.3 (Medium)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Name of the Vulnerable Software and Affected Versions
Teltonika’s Remote Management System versions prior to 4.10.0
Description
The issue concerns the function in the Remote Management System that allows users to claim devices. Its response reveals whether a device's serial number or MAC address has already been claimed, or whether the claim attempt was successful. An attacker could exploit this function to create a list of the serial numbers and MAC addresses of all cloud-connected devices.
Recommendations
For versions prior to 4.10.0, update to version 4.10.0 or later to resolve the issue. As a temporary workaround, consider restricting access to the device claiming function until a patch is applied. Avoid using the device claiming function with untrusted users to minimize the risk of exploitation.
Affected Products
Sygate Remote Management