CVE-2023-31634

CRITICAL

TeslaMate <1.27.2 - Info Disclosure

Description

In TeslaMate before 1.27.2, there is unauthorized access to port 4000 for remote viewing and operation of user data. After accessing the IP address for the TeslaMate instance, an attacker can switch the port to 3000 to enter Grafana for remote operations. At that time, the default username and password can be used to enter the Grafana management console without logging in, a related issue to CVE-2022-23126.

Exploits (1)

nomisec NO CODE
by iSee857 · poc
https://github.com/iSee857/CVE-2023-31634

Scores

CVSS v3 9.8
EPSS 0.0092
EPSS Percentile 76.1%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE CWE-287
Status published
Products (1)
teslamate/teslamate < 1.27.2
Published Mar 27, 2024
Tracked Since Feb 18, 2026