PT-2023-23741 · Teltonika · Teltonika's Remote Management System

Credited: Claroty Research
Published: 2023-05-22
Updated: 2023-06-01
CVE: CVE-2023-32348
CVSS v3.1: 5.8 (Medium)
Vector: AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N
Name of the Vulnerable Software and Affected Versions: Teltonika's Remote Management System versions prior to 4.10.0

Description: The issue concerns the virtual private network (VPN) hub feature in Teltonika's Remote Management System, which uses OpenVPN for cross-device communication. This feature allows newly connected devices to communicate with all Teltonika devices already connected to the VPN. Additionally, the OpenVPN server enables users to route traffic through it. An attacker could exploit this by routing a connection to a remote server through the OpenVPN server, thereby gaining the ability to scan and access data from other Teltonika devices connected to the VPN.

Recommendations: For versions prior to 4.10.0, update to version 4.10.0 or later to resolve the issue. As a temporary workaround, restrict access to the OpenVPN server to minimize the risk of exploitation, and avoid using the VPN hub feature until the issue is resolved.

Fix

Weakness Enumeration: SSRF

Related Identifiers: CVE-2023-32348

Affected Products: Teltonika's Remote Management System