CVE-2023-2587 HIGH

Vendor Teltonika
Product Remote Management System
Weakness CWE-79 · XSS
Published May 22, 2023
Last update January 16, 2025

CVSS base score

7.5/10
Attack vector Network
Attack complexity High
Privileges required None
User interaction Required
Confidentiality High
Integrity High

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

What the vulnerability does

01 Description

Teltonika’s Remote Management System versions prior to 4.10.0 contain a cross-site scripting (XSS) vulnerability in the main page of the web interface. An attacker with the MAC address and serial number of a connected device could send a maliciously crafted JSON file with an HTML object to trigger the vulnerability. This could allow the attacker to execute scripts in the account context and obtain remote code execution on managed devices.

Key dates

02 Disclosure timeline

May 22, 2023 CVE published
January 16, 2025 Record updated
