Teltonika Networks Remote Management System Account Pre-Hijacking Vulnerability via Invite Misuse

Vulnerability

A vulnerability allowing account pre-hijacking has been identified in Teltonika Networks Remote Management System (RMS) versions prior to 5.7. This issue arises from a misuse of the invite functionality. When a victim receives a pending invite and registers directly on the platform, they are unknowingly added to the attacker's company. Consequently, the attacker gains the ability to manage the victim's account and company.

Impact

Exploitation of this vulnerability allows an attacker to take control of a victim's account and manage their associated company within the Teltonika RMS platform.

Added: Jun 9, 2025, 7:46 PM

Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

5.0

exploitability

4.0

remediation

0.0

relevance

0.1

threat

0.0

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

5.0

exploitability

4.0

remediation

0.0

relevance

0.1

threat

0.0

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Teltonika Networks Remote Management System Account Pre-Hijacking Vulnerability via Invite Misuse

Vulnerability

Impact

Affected Products

Teltonika Networks Remote Management System

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating