CVE-2023-2586
CRITICAL
Teltonika Remote Management System 4.14.0 - Unauthenticated Device Registration and Remote Code Execution
Title source: llm
Description
Teltonika’s Remote Management System version 4.14.0 is vulnerable to an unauthorized attacker registering previously unregistered devices through the RMS platform. If the user has not disabled the "RMS management feature", which is enabled by default, an attacker could register that device to themselves. This could enable the attacker to perform different operations on the user's devices, including remote code execution with 'root' privileges (using the 'Task Manager' feature on RMS).
References (1)
Core References
Third Party Advisory, US Government Resource
https://www.cisa.gov/news-events/ics-advisories/icsa-23-131-08
Scores
CVSS v3
9.0
EPSS
0.0102
EPSS Percentile
59.0%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
total
Details
CWE
CWE-287
Status
published
Products (1)
teltonika/remote_management_system
4.14.0
Published
May 22, 2023
Tracked Since
Feb 18, 2026