CVE-2024-8256 | THREATINT

Description

In Teltonika Networks RUTOS devices, running on versions 7.0 to 7.8 (excluding) and TSWOS devices running on versions 1.0 to 1.3 (excluding), due to incorrect permission handling a vulnerability exists which allows a lower privileged user with default permissions to access critical device resources via the API.

PUBLISHED Reserved 2024-08-28 | Published 2024-12-10 | Updated 2024-12-10 | Assigner tlt_net

MEDIUM: 5.9CVSS:4.0/AV:A/AC:L/AT:P/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

Problem types

CWE-732 Incorrect Permission Assignment for Critical Resource

Product status

Default status

unaffected

7.0 (custom) before 7.8

affected

Default status

unaffected

1.0 (custom) before 1.3

affected

References

www.deepcove.support/...disclosure-proactive-testing-report/ third-party-advisory

cve.org (CVE-2024-8256)

nvd.nist.gov (CVE-2024-8256)

Download JSON