CVE-2023-32348 MEDIUM

Vendor: Teltonika
Product: Remote Management System
Weakness: CWE-918 · SSRF
Published: May 22, 2023
Last update: January 16, 2025

CVSS base score

5.8/10
Attack vector: Network
Attack complexity: Low
Privileges required: None
User interaction: None
Confidentiality: Low
Integrity: None

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N

What the vulnerability does

01 Description

Teltonika’s Remote Management System versions prior to 4.10.0 contain a virtual private network (VPN) hub feature for cross-device communication that uses OpenVPN. It connects new devices in a manner that allows the new device to communicate with all Teltonika devices connected to the VPN. The OpenVPN server also allows users to route through it. An attacker could route a connection to a remote server through the OpenVPN server, enabling them to scan and access data from other Teltonika devices connected to the VPN.

Key dates

02 Disclosure timeline

May 22, 2023: CVE published
January 16, 2025: Record updated

Related vulnerabilities

04 Related CVE