What is the severity of CVE-2023-32346?

CVE-2023-32346 has been classified with a critical severity due to its potential impact on device security.

How do I fix CVE-2023-32346?

To mitigate CVE-2023-32346, upgrade the Teltonika Remote Management System to version 4.10.0 or later.

What are the potential impacts of CVE-2023-32346?

CVE-2023-32346 can potentially allow unauthorized users to claim devices and access sensitive information.

Which versions of the Teltonika Remote Management System are affected by CVE-2023-32346?

CVE-2023-32346 affects all versions of the Teltonika Remote Management System prior to 4.10.0.

Is there a workaround for CVE-2023-32346?

There are no documented workarounds for CVE-2023-32346; the only solution is to update the software.

Vulnerability/
CVE-2023-32346

medium

5.3

CWE

204

22/5/2023

16/1/2025

CVE-2023-32346

First published: Mon May 22 2023(Updated: )

Teltonika’s Remote Management System versions prior to 4.10.0 contain a function that allows users to claim their devices. This function returns information based on whether the serial number of a device has already been claimed, the MAC address of a device has already been claimed, or whether the attempt to claim a device was successful. An attacker could exploit this to create a list of the serial numbers and MAC addresses of all devices cloud-connected to the Remote Management System.

Credit: ics-cert@hq.dhs.gov

Affected Software	Affected Version	How to fix
Teltonika Remote Management System	<4.10.0
Teltonika Remote Management System (RMS): Versions prior to 4.10.0 (affected by CVE-2023-32346, CVE-2023-32347, CVE-2023-32348, CVE-2023-2587, CVE-2023-2588)
Teltonika Remote Management System (RMS): Versions prior to 4.14.0 (affected by CVE-2023-2586)
Teltonika RUT model routers: Version 00.07.00 through 00.07.03.4 (affected by CVE-2023-32349)
Teltonika RUT model routers: Version 00.07.00 through 00.07.03 (affected by CVE-2023-32350)

Never miss a vulnerability like this again

Reference Links

https://www.cisa.gov/news-events/ics-advisories/icsa-23-131-08 (Advisory)

Parent vulnerabilities

(Appears in the following advisories)

ICSA-23-131-08

Frequently Asked Questions

What is the severity of CVE-2023-32346?
CVE-2023-32346 has been classified with a critical severity due to its potential impact on device security.
How do I fix CVE-2023-32346?
To mitigate CVE-2023-32346, upgrade the Teltonika Remote Management System to version 4.10.0 or later.
What are the potential impacts of CVE-2023-32346?
CVE-2023-32346 can potentially allow unauthorized users to claim devices and access sensitive information.
Which versions of the Teltonika Remote Management System are affected by CVE-2023-32346?
CVE-2023-32346 affects all versions of the Teltonika Remote Management System prior to 4.10.0.
Is there a workaround for CVE-2023-32346?
There are no documented workarounds for CVE-2023-32346; the only solution is to update the software.

collector/nvd-index
agent/type
agent/author
agent/weakness
agent/references
agent/description
collector/ics-cert-advisory
source/ICS
agent/software-canonical-lookup
agent/software-canonical-lookup-request
agent/softwarecombine
collector/mitre-cve
source/MITRE
agent/last-modified-date
agent/severity
agent/event
agent/first-publish-date
agent/tags
agent/source
vendor/teltonika
canonical/teltonika remote management system
canonical/teltonika remote management system (rms): versions prior to 4.10.0 (affected by cve-2023-32346, cve-2023-32347, cve-2023-32348, cve-2023-2587, cve-2023-2588)
canonical/teltonika remote management system (rms): versions prior to 4.14.0 (affected by cve-2023-2586)
canonical/teltonika rut model routers: version 00.07.00 through 00.07.03.4 (affected by cve-2023-32349)
canonical/teltonika rut model routers: version 00.07.00 through 00.07.03 (affected by cve-2023-32350)