CVE-2024-8256

EUVD-2024-49594
In Teltonika Networks RUTOS devices, running on versions 7.0 to 7.8 (excluding) and TSWOS devices running on versions 1.0 to 1.3 (excluding), due to incorrect permission handling a vulnerability exists which allows a lower privileged user with default permissions to access critical device resources via the API.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
UNKNOWN
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 24%
Early Detection
Affected products identified ahead of NVD analysis through intelligence sources.
VendorProductVersionSource
teltonika-networksrutos_devices
7.0 ≤
𝑥
< 7.8
ADP
teltonika-networkstswos
1.0 ≤
𝑥
< 1.3
ADP
Common Weakness Enumeration
References
https://www.deepcove.support/teltonika-responsible-disclosure-proactive-testing-report/