Search criteria

3 vulnerabilities

CVE-2026-8914 (GCVE-0-2026-8914)

Vulnerability from cvelistv5 – Published: 2026-06-05 09:36 – Updated: 2026-06-05 20:21
VLAI?
Title
Command injection in Profile change function
Summary
In Teltonika Networks RUTOS devices, running versions 7.22 through 7.23.2 and TSWOS devices running versions 1.09 through 1.09.1, due to unsafe calls to an eval function in rpc-profile, a vulnerability exists where a lower privileged user could perform command injection as the root user.
CWE
  • CWE-95 - Improper neutralization of directives in dynamically evaluated code ('eval injection')
Assigner
Impacted products
Vendor Product Version
Teltonika Networks RUTOS Affected: 7.22 , ≤ 7.23.2 (custom)
Create a notification for this product.
    Teltonika Networks TSWOS Affected: 1.09 , ≤ 1.09.1 (custom)
Create a notification for this product.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-8914",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-06-05T20:21:49.190196Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-06-05T20:21:59.678Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "RUTOS",
          "vendor": "Teltonika Networks",
          "versions": [
            {
              "lessThanOrEqual": "7.23.2",
              "status": "affected",
              "version": "7.22",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "TSWOS",
          "vendor": "Teltonika Networks",
          "versions": [
            {
              "lessThanOrEqual": "1.09.1",
              "status": "affected",
              "version": "1.09",
              "versionType": "custom"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cspan\u003eIn Teltonika Networks RUTOS devices, running versions 7.22 through 7.23.2 and TSWOS devices running versions 1.09 through 1.09.1, due to unsafe calls to an \u003ccode\u003eeval\u003c/code\u003e function\u003cstrong\u003e in rpc-profile,\u003c/strong\u003e a vulnerability exists where a lower privileged user could perform command injection as the \u003ccode\u003eroot\u003c/code\u003e user.\u003c/span\u003e"
            }
          ],
          "value": "In Teltonika Networks RUTOS devices, running versions 7.22 through 7.23.2 and TSWOS devices running versions 1.09 through 1.09.1, due to unsafe calls to an eval function in rpc-profile, a vulnerability exists where a lower privileged user could perform command injection as the root user."
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-35",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-35 Leverage Executable Code in Non-Executable Files"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "Automatable": "NOT_DEFINED",
            "Recovery": "NOT_DEFINED",
            "Safety": "NOT_DEFINED",
            "attackComplexity": "LOW",
            "attackRequirements": "NONE",
            "attackVector": "LOCAL",
            "baseScore": 8.4,
            "baseSeverity": "HIGH",
            "exploitMaturity": "NOT_DEFINED",
            "privilegesRequired": "HIGH",
            "providerUrgency": "NOT_DEFINED",
            "subAvailabilityImpact": "NONE",
            "subConfidentialityImpact": "NONE",
            "subIntegrityImpact": "NONE",
            "userInteraction": "NONE",
            "valueDensity": "NOT_DEFINED",
            "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
            "version": "4.0",
            "vulnAvailabilityImpact": "HIGH",
            "vulnConfidentialityImpact": "HIGH",
            "vulnIntegrityImpact": "HIGH",
            "vulnerabilityResponseEffort": "NOT_DEFINED"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-95",
              "description": "CWE-95 Improper neutralization of directives in dynamically evaluated code (\u0027eval injection\u0027)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-06-05T09:40:12.559Z",
        "orgId": "001d69cf-3fc9-4203-93fb-9865b54e05b2",
        "shortName": "tlt_net"
      },
      "references": [
        {
          "url": "https://www.teltonika-networks.com/support/security-centre"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Update to RUTOS 7.23.3 or later."
            }
          ],
          "value": "Update to RUTOS 7.23.3 or later."
        },
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Update to TSWOS 1.10 or later."
            }
          ],
          "value": "Update to TSWOS 1.10 or later."
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "Command injection in Profile change function",
      "x_generator": {
        "engine": "Vulnogram 1.0.2"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "001d69cf-3fc9-4203-93fb-9865b54e05b2",
    "assignerShortName": "tlt_net",
    "cveId": "CVE-2026-8914",
    "datePublished": "2026-06-05T09:36:29.744Z",
    "dateReserved": "2026-05-19T05:45:27.190Z",
    "dateUpdated": "2026-06-05T20:21:59.678Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2025-4687 (GCVE-0-2025-4687)

Vulnerability from cvelistv5 – Published: 2025-05-29 08:59 – Updated: 2025-05-29 13:57
VLAI?
Title
Account pre-hijacking through invite misuse
Summary
In Teltonika Networks Remote Management System (RMS), it is possible to perform account pre-hijacking by misusing the invite functionality. If a victim has a pending invite and registers to the platform directly, they are added to the attackers company without their knowledge. The victims account and their company can then be managed by the attacker.This issue affects RMS: before 5.7.
CWE
  • CWE-288 - Authentication Bypass Using an Alternate Path or Channel
Assigner
References
Impacted products
Vendor Product Version
Teltonika Networks RMS Affected: 0 , < 5.7 (custom)
Create a notification for this product.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-4687",
                "options": [
                  {
                    "Exploitation": "poc"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-05-29T13:56:14.159280Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-288",
                "description": "CWE-288 Authentication Bypass Using an Alternate Path or Channel",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-05-29T13:57:56.267Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "RMS",
          "vendor": "Teltonika Networks",
          "versions": [
            {
              "lessThan": "5.7",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "In Teltonika Networks Remote Management System (RMS), it is possible to perform account pre-hijacking by misusing the invite functionality. If a victim has a pending invite and registers to the platform directly, they are added to the attackers company without their knowledge. The victims account and their company can then be managed by the attacker.\u003cp\u003eThis issue affects RMS: before 5.7.\u003c/p\u003e"
            }
          ],
          "value": "In Teltonika Networks Remote Management System (RMS), it is possible to perform account pre-hijacking by misusing the invite functionality. If a victim has a pending invite and registers to the platform directly, they are added to the attackers company without their knowledge. The victims account and their company can then be managed by the attacker.This issue affects RMS: before 5.7."
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "Automatable": "NOT_DEFINED",
            "Recovery": "NOT_DEFINED",
            "Safety": "NOT_DEFINED",
            "attackComplexity": "LOW",
            "attackRequirements": "PRESENT",
            "attackVector": "NETWORK",
            "baseScore": 7.2,
            "baseSeverity": "HIGH",
            "privilegesRequired": "LOW",
            "providerUrgency": "NOT_DEFINED",
            "subAvailabilityImpact": "HIGH",
            "subConfidentialityImpact": "HIGH",
            "subIntegrityImpact": "HIGH",
            "userInteraction": "ACTIVE",
            "valueDensity": "NOT_DEFINED",
            "vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:A/VC:L/VI:L/VA:H/SC:H/SI:H/SA:H",
            "version": "4.0",
            "vulnAvailabilityImpact": "HIGH",
            "vulnConfidentialityImpact": "LOW",
            "vulnIntegrityImpact": "LOW",
            "vulnerabilityResponseEffort": "NOT_DEFINED"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-05-29T08:59:21.859Z",
        "orgId": "001d69cf-3fc9-4203-93fb-9865b54e05b2",
        "shortName": "tlt_net"
      },
      "references": [
        {
          "tags": [
            "media-coverage"
          ],
          "url": "https://jowin922.medium.com/cve-2025-4687-pre-account-takeover-through-invite-on-teletonika-rms-website-972335378829"
        }
      ],
      "source": {
        "discovery": "EXTERNAL"
      },
      "title": "Account pre-hijacking through invite misuse",
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "001d69cf-3fc9-4203-93fb-9865b54e05b2",
    "assignerShortName": "tlt_net",
    "cveId": "CVE-2025-4687",
    "datePublished": "2025-05-29T08:59:21.859Z",
    "dateReserved": "2025-05-14T12:49:48.725Z",
    "dateUpdated": "2025-05-29T13:57:56.267Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-8256 (GCVE-0-2024-8256)

Vulnerability from cvelistv5 – Published: 2024-12-10 08:56 – Updated: 2024-12-10 15:35
VLAI?
Title
Incorrect Permission Assignment in RutOS based routers and TSWOS based managed switches
Summary
In Teltonika Networks RUTOS devices, running on versions 7.0 to 7.8 (excluding) and TSWOS devices running on versions 1.0 to 1.3 (excluding), due to incorrect permission handling a vulnerability exists which allows a lower privileged user with default permissions to access critical device resources via the API.
CWE
  • CWE-732 - Incorrect Permission Assignment for Critical Resource
Assigner
References
Impacted products
Vendor Product Version
Teltonika Networks RUTOS Affected: 7.0 , < 7.8 (custom)
Create a notification for this product.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:a:teltonika-networks:rutos_devices:7.0:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unaffected",
            "product": "rutos_devices",
            "vendor": "teltonika-networks",
            "versions": [
              {
                "lessThan": "7.8",
                "status": "affected",
                "version": "7.0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:teltonika-networks:tswos:1.0:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unaffected",
            "product": "tswos",
            "vendor": "teltonika-networks",
            "versions": [
              {
                "lessThan": "1.3",
                "status": "affected",
                "version": "1.0",
                "versionType": "custom"
              }
            ]
          }
        ],
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-8256",
                "options": [
                  {
                    "Exploitation": "poc"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-12-10T15:32:26.176120Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-12-10T15:35:59.297Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "RUTOS",
          "vendor": "Teltonika Networks",
          "versions": [
            {
              "lessThan": "7.8",
              "status": "affected",
              "version": "7.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "TSWOS",
          "vendor": "Teltonika Networks",
          "versions": [
            {
              "lessThan": "1.3",
              "status": "affected",
              "version": "1.0",
              "versionType": "custom"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "In Teltonika Networks RUTOS devices, running on versions 7.0 to 7.8 (excluding) and TSWOS devices running on versions 1.0 to 1.3 (excluding), due to incorrect permission handling a vulnerability exists which allows a lower privileged user with default permissions to access critical device resources via the API."
            }
          ],
          "value": "In Teltonika Networks RUTOS devices, running on versions 7.0 to 7.8 (excluding) and TSWOS devices running on versions 1.0 to 1.3 (excluding), due to incorrect permission handling a vulnerability exists which allows a lower privileged user with default permissions to access critical device resources via the API."
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "Automatable": "NOT_DEFINED",
            "Recovery": "NOT_DEFINED",
            "Safety": "NOT_DEFINED",
            "attackComplexity": "LOW",
            "attackRequirements": "PRESENT",
            "attackVector": "ADJACENT",
            "baseScore": 5.9,
            "baseSeverity": "MEDIUM",
            "privilegesRequired": "LOW",
            "providerUrgency": "NOT_DEFINED",
            "subAvailabilityImpact": "NONE",
            "subConfidentialityImpact": "NONE",
            "subIntegrityImpact": "NONE",
            "userInteraction": "NONE",
            "valueDensity": "NOT_DEFINED",
            "vectorString": "CVSS:4.0/AV:A/AC:L/AT:P/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N",
            "version": "4.0",
            "vulnAvailabilityImpact": "NONE",
            "vulnConfidentialityImpact": "HIGH",
            "vulnIntegrityImpact": "NONE",
            "vulnerabilityResponseEffort": "NOT_DEFINED"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-732",
              "description": "CWE-732 Incorrect Permission Assignment for Critical Resource",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-12-10T08:56:55.195Z",
        "orgId": "001d69cf-3fc9-4203-93fb-9865b54e05b2",
        "shortName": "tlt_net"
      },
      "references": [
        {
          "tags": [
            "third-party-advisory"
          ],
          "url": "https://www.deepcove.support/teltonika-responsible-disclosure-proactive-testing-report/"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "Incorrect Permission Assignment in RutOS based routers and TSWOS based managed switches",
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "001d69cf-3fc9-4203-93fb-9865b54e05b2",
    "assignerShortName": "tlt_net",
    "cveId": "CVE-2024-8256",
    "datePublished": "2024-12-10T08:56:55.195Z",
    "dateReserved": "2024-08-28T05:26:25.399Z",
    "dateUpdated": "2024-12-10T15:35:59.297Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}