CVE-2024-8256

MEDIUM Year: 2024
Weakness Type
CWE-732
View all →

Vulnerability Description

In Teltonika Networks RUTOS devices, running on versions 7.0 to 7.8 (excluding) and TSWOS devices running on versions 1.0 to 1.3 (excluding), due to incorrect permission handling a vulnerability exists which allows a lower privileged user with default permissions to access critical device resources via the API.

Related Vulnerabilities

CVE-2025-21520

LOW
CVSS:1.8(Low)

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Options). Supported versions that are affected are 8.0.40 and prior, 8.4.3 and prior and 9.1.0 and prior. Difficult to exp...

CWE-7322025

CVE-2021-33509

CRITICAL
CVSS:9.9(Critical)

Plone through 5.2.4 allows remote authenticated managers to perform disk I/O via crafted keyword arguments to the ReStructuredText transform in a Python script.

CWE-7322021

CVE-2023-40622

CRITICAL
CVSS:9.9(Critical)

SAP BusinessObjects Business Intelligence Platform (Promotion Management) - versions 420, 430, under certain condition allows an authenticated attacker to view sensitive information which is otherwise...

CWE-7322023

CVE-2024-5618

CRITICAL
CVSS:9.9(Critical)

Incorrect Permission Assignment for Critical Resource vulnerability in PruvaSoft Informatics Apinizer Management Console allows Accessing Functionality Not Properly Constrained by ACLs.This issue affe...

CWE-7322024

CVE-2025-0066

CRITICAL
CVSS:9.9(Critical)

Under certain conditions SAP NetWeaver AS for ABAP and ABAP Platform (Internet Communication Framework) allows an attacker to access restricted information due to weak access controls. This can have a...

CWE-7322025

CVE-2011-3923

CRITICAL
CVSS:9.8(Critical)

Apache Struts before 2.3.1.2 allows remote attackers to bypass security protections in the ParameterInterceptor class and execute arbitrary commands.

CWE-7322011