CVE-2023-2587— Teltonika Remote Management System 跨站脚本漏洞

N/A

Teltonika’s Remote Management System versions prior to 4.10.0 contain a cross-site scripting (XSS) vulnerability in the main page of the web interface. An attacker with the MAC address and serial number of a connected device could send a maliciously crafted JSON file with an HTML object to trigger the vulnerability. This could allow the attacker to execute scripts in the account context and obtain remote code execution on managed devices.

CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

在Web页面生成时对输入的转义处理不恰当(跨站脚本)

Teltonika Remote Management System 跨站脚本漏洞

Teltonika Remote Management System是Teltonika公司的一个远程管理系统，用于管理Teltonika产品。 Teltonika Remote Management System 4.10.0之前版本存在跨站脚本漏洞，该漏洞源于在 Web 界面的主页中包含跨站点脚本 (XSS) 漏洞。攻击者利用该漏洞在用户环境中执行脚本并在托管设备上远程执行代码。

N/A

N/A