PT-2024-38894 · Teltonika Networks · Rutos+1

Published: 2024-12-10 · Updated: 2024-12-10 · CVE-2024-8256

CVSS v4.0: 5.9 (Medium)
Vector: AV:A/AC:L/AT:P/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
Name of the Vulnerable Software and Affected Versions: Teltonika Networks RUTOS versions 7.0 through 7.7; Teltonika Networks TSWOS versions 1.0 through 1.2
Description: A vulnerability exists due to incorrect permission handling, allowing a lower privileged user with default permissions to access critical device resources via the API.
Recommendations: For Teltonika Networks RUTOS versions 7.0 through 7.7, consider restricting access to critical device resources until a patch is available. For Teltonika Networks TSWOS versions 1.0 through 1.2, consider disabling API access for lower privileged users with default permissions until a fix is released. As a temporary workaround, consider limiting the use of the API to minimize the risk of exploitation.

Fix

Incorrect Permission

Weakness Enumeration

Related Identifiers: CVE-2024-8256

Affected Products: Rutos, Tswos