Teltonika’s Remote Management System versions prior to 4.10.0 contain a cross-site scripting (XSS) vulnerability in the main page of the web interface. An attacker with the MAC address and serial number of a connected device could send a maliciously crafted JSON file with an HTML object to trigger the vulnerability. This could allow the attacker to execute scripts in the account context and obtain remote code execution on managed devices.
                
History
Thu, 16 Jan 2025 22:15:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Metrics | ssvc | |
MITRE
Status: PUBLISHED
Assigner: icscert
Published: 2023-05-22T15:06:30.677Z
Updated: 2025-01-16T21:34:38.037Z
Reserved: 2023-05-08T22:09:42.680Z
Link: CVE-2023-2587
Vulnrichment
Updated: 2024-08-02T06:26:09.758Z
NVD
Status: Modified
Published: 2023-05-22T16:15:09.677
Modified: 2024-11-21T07:58:53.020
Link: CVE-2023-2587
Redhat
No data.