logo

Security

Centre

Any device that is connected to the internet is subject to cyber-attacks. Here we provide all the information about any existing or potential security vulnerabilities related to our connectivity products.

SECURITY NOTIFICATIONS

REPORT A VULNERABILITY

VULNERABILITY DISCLOSURE POLICY
REPORT DETAILS

-Affected product(s) and software version(s);

-Vulnerability overview;

-Issue description and impact (including arbitrary code execution, information disclosure, etc.);

-Instructions to reproduce the issue; A proof-of-concept (POC).

SCOPE

Only reports related to security vulnerabilities that affect Teltonika Networks products or services will be accepted. Bugs or other issues not related to security will not be addressed via this channel. Please see the following vulnerability handling process:

SECURITY DECLARATION

Providing secure products and services is a high priority to us. Therefore, we strive to ensure that our products and services are designed, developed, and rigorously tested with a focus on security at every stage.

For this reason, we have a dedicated Cyber Security Team closely collaborating with engineers through the development lifecycle. The Cyber Security Team regularly performs internal and external security audits. They include vulnerability management, penetration tests, threat modeling, attack surface reduction, code reviews, static code scanning, and continuous improvements of the development process to meet “secure by design” principles.

Every employee in Teltonika Networks must complete an annual cyber security course involving general cyber security awareness and development practices. Besides, our development teams are educated in common software weakness types and vulnerabilities, unsecure functions, memory management, and information security concepts, such as defense in depth, attack surface, or privilege escalation.

We welcome all customer reports regarding security issues and take high-priority action on quick and decisive remediation. Any information provided to us will only be used to resolve security vulnerabilities swiftly and efficiently. 

image
"In an ever-increasing complexity of globally connected digital devices, ensuring cybersecurity is no longer an optional task. The first step should always be keeping your devices up-to date."

REPORTS

High
VULNERABILITY TITLE
Inclusion of web functionality from an untrusted source
PRODUCT TYPE
RMS
ID
CVE-2023-2588
VULNERABILITY REPORT DATE
2023-02-05 04:36
LAST UPDATE
2023-05-18 06:23
High
VULNERABILITY TITLE
Stored XSS in RMS Devices page
PRODUCT TYPE
RMS
ID
CVE-2023-2587
VULNERABILITY REPORT DATE
2023-02-05 01:33
LAST UPDATE
2023-05-18 03:54
High
VULNERABILITY TITLE
RMS Device Impersonation
PRODUCT TYPE
RMS
ID
CVE-2023-32347
VULNERABILITY REPORT DATE
2023-01-31 04:45
LAST UPDATE
2023-05-12 08:49
Medium
VULNERABILITY TITLE
Access to Internal RMS Services using SSRF
PRODUCT TYPE
RMS
ID
CVE-2023-32348
VULNERABILITY REPORT DATE
2023-01-31 02:40
LAST UPDATE
2023-05-18 10:12
Medium
VULNERABILITY TITLE
RMS Device Enumeration and Profiling
PRODUCT TYPE
RMS
ID
CVE-2023-32346
VULNERABILITY REPORT DATE
2023-01-31 02:31
LAST UPDATE
2023-05-12 10:38
High
VULNERABILITY TITLE
Remote Code Execution Through OS Command Injection
PRODUCT TYPE
Gateway, Routers
ID
CVE-2023-32350
VULNERABILITY REPORT DATE
2023-01-31 10:55
LAST UPDATE
2023-05-18 11:31
Contact us