How severe is CVE-2023-32346?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 5.3 out of 10.

What type of vulnerability is CVE-2023-32346?

This is classified as CWE-204, which is a common weakness in software security.

CVE-2023-32346 - MEDIUM Severity | CVSS 5.3

Vulnerability Description

Teltonika’s Remote Management System versions prior to 4.10.0 contain a function that allows users to claim their devices. This function returns information based on whether the serial number of a device has already been claimed, the MAC address of a device has already been claimed, or whether the attempt to claim a device was successful. An attacker could exploit this to create a list of the serial numbers and MAC addresses of all devices cloud-connected to the Remote Management System.

Related Vulnerabilities

CVE-2016-9499

MEDIUM

CVSS:5.3(Medium)

Accellion FTP server prior to version FTA_9_12_220 only returns the username in the server response if the username is invalid. An attacker may use this information to determine valid user accounts an...

CWE-2042016

CVE-2019-19030

MEDIUM

CVSS:5.3(Medium)

Cloud Native Computing Foundation Harbor before 1.10.3 and 2.x before 2.0.1 allows resource enumeration because unauthenticated API calls reveal (via the HTTP status code) whether a resource exists.

CWE-2042019

CVE-2021-20556

MEDIUM

CVSS:5.3(Medium)

IBM Cognos Controller 10.4.1, 10.4.2, and 11.0.0 could allow a remote user to enumerate usernames due to differentiating error messages on existing usernames. IBM X-Force ID: 199181.

CWE-2042021

CVE-2021-36201

MEDIUM

CVSS:5.3(Medium)

Under certain circumstances a CCURE Portal user could enumerate user accounts in CCURE 9000 version 2.90 and prior versions.

CWE-2042021

CVE-2021-38476

MEDIUM

CVSS:5.3(Medium)

InHand Networks IR615 Router's Versions 2.3.0.r4724 and 2.3.0.r4870 authentication process response indicates and validates the existence of a username. This may allow an attacker to enumerate differe...

CWE-2042021

CVE-2021-39189

MEDIUM

CVSS:5.3(Medium)

Pimcore is an open source data & experience management platform. In versions prior to 10.1.3, it is possible to enumerate usernames via the forgot password functionality. This issue is fixed in versio...

CWE-2042021