PT-2024-12286 · Teslamate+1
Published: 2024-03-26 · Updated: 2024-08-02 · CVE-2023-31634
CVSS v3.1: 9.8 (Critical)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
TeslaMate versions prior to 1.27.2
Description
The issue allows unauthorized access to port 4000 for remote viewing and operation of user data. An attacker who can reach the IP address of the TeslaMate instance can switch the port to 3000 to enter Grafana for remote operations, and use the default username and password to enter the Grafana management console without logging in.
Recommendations
For versions prior to 1.27.2, update to version 1.27.2 or later to resolve the issue. As a temporary workaround, consider restricting access to port 4000 and changing the default username and password for the Grafana management console. Restricting access to the Grafana management console as well minimizes the risk of exploitation.
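One way to check a deployment against the workaround above, added here as an example and not taken from this advisory or from the TeslaMate project: the function flags Docker Compose short-syntax port entries that publish container port 4000 or 3000 on a non-loopback address. The Docker Compose deployment, the service names and the sample mappings are assumptions constructed for illustration.

```python
import ipaddress

# Ports named in the advisory: 4000 (TeslaMate) and 3000 (Grafana).
SENSITIVE_PORTS = {4000, 3000}

def parse_port_mapping(entry):
    """Split a Compose short-syntax entry into (host_ip, host_port, container_port).

    Handles "CONTAINER", "HOST:CONTAINER" and "IP:HOST:CONTAINER", an optional
    "/tcp" or "/udp" suffix, and [bracketed] IPv6. Port ranges raise ValueError.
    """
    spec = str(entry).split("/", 1)[0].strip()
    host_ip = None
    if spec.startswith("["):                 # bracketed IPv6 host address
        host_ip, _, spec = spec[1:].partition("]:")
    parts = spec.split(":")
    if host_ip is None and len(parts) == 3:
        host_ip, parts = parts[0], parts[1:]
    if len(parts) == 1:                      # container port only, random host port
        return host_ip, None, int(parts[0])
    if len(parts) == 2:
        return host_ip, int(parts[0]) if parts[0] else None, int(parts[1])
    raise ValueError(f"unsupported port entry: {entry!r}")

def exposed_bindings(services):
    """Return (service, entry, container_port) for each risky published port."""
    findings = []
    for name, ports in services.items():
        for entry in ports:
            host_ip, _host_port, container_port = parse_port_mapping(entry)
            # Match on the container port so a remapped host port is still caught.
            if container_port not in SENSITIVE_PORTS:
                continue
            # No host IP means Docker publishes the port on every interface.
            if host_ip is None or not ipaddress.ip_address(host_ip).is_loopback:
                findings.append((name, str(entry), container_port))
    return findings

# Constructed sample: service name -> "ports" list as written in a compose file.
SAMPLE_SERVICES = {
    "teslamate": ["4000:4000"],
    "grafana": ["127.0.0.1:3000:3000"],
    "mosquitto": ["1883:1883"],
}

if __name__ == "__main__":
    for service, entry, port in exposed_bindings(SAMPLE_SERVICES):
        print(f"{service}: {entry} publishes port {port} beyond loopback")
```

The check only reads the port mappings it is given; host firewall rules and reverse proxies in front of the instance are outside what it can see.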
Exploit
Fix
Improper Authentication
Weakness Enumeration
Related Identifiers
Affected Products
Grafana
Teslamate