CVE-2025-55443
Telpo · Telpo MDM Multiple Products
Executive summary
A critical vulnerability exists in multiple Telpo Mobile Device Management (MDM) products that exposes sensitive administrator credentials and server connection details in plaintext within device log files. An attacker with access to these files could gain complete administrative control over the entire fleet of managed devices, leading to widespread data compromise and operational disruption. Immediate patching is required to prevent a full-scale system takeover.
Vulnerability
The Telpo MDM application for Android writes highly sensitive information, including the administrator account credentials and the MQTT server connection details (IP address and port), in plaintext to its log files. Those log files are saved to the device's external storage rather than to the app's private data directory. External storage is shared: other applications with storage access can read it, and anyone with physical access can copy it by mounting the storage or pulling it over a debug connection. An attacker who obtains these log files can harvest the credentials and server details directly, connect to the MDM server with full administrative privileges, and compromise the entire device management infrastructure.
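To confirm whether a device's logs actually contain the data described above, the following added example (not Telpo's code and not from the advisory) scans log text pulled from a device for a credential pair and an MQTT broker endpoint, and reports each hit with the password redacted so the triage output does not re-leak it. The line layout, the key names (username=, password=, host=, port=) and the sample log are constructed assumptions; the advisory does not publish the real Telpo log format, so calibrate the patterns against a genuine file before trusting a clean result.

```python
"""Scan log files pulled from a device for plaintext MDM secrets.

Added example, not Telpo code. The line layout and the key names
(username=, password=, host=, port=) are assumptions; the advisory does not
publish the real format, so calibrate PATTERNS against a genuine file first.
"""
import re
from pathlib import Path

# Constructed sample in an Android-style layout (not a real Telpo log).
# Addresses come from the TEST-NET documentation ranges.
SAMPLE_LOG = """\
2025-08-01 10:02:11 I/MdmService: connecting to mqtt broker host=203.0.113.10 port=1883
2025-08-01 10:02:12 D/MdmLogin: login request username=admin password=Sup3rS3cret!
2025-08-01 10:02:13 D/MdmLogin: login ok, session id 7f3a
2025-08-01 10:03:00 I/MdmService: heartbeat ok
"""

# Every pattern captures the sensitive value in group "v".
PATTERNS = {
    "password": re.compile(
        r"(?i)\b(?:password|passwd|pwd)\s*[=:]\s*(?P<v>[^\s,;]+)"),
    "username": re.compile(
        r"(?i)\b(?:username|user|account)\s*[=:]\s*(?P<v>[^\s,;]+)"),
    # broker host and port on a line that mentions MQTT
    "mqtt_endpoint": re.compile(
        r"(?i)\bmqtt\b.*?\bhost\s*[=:]\s*(?P<v>[\w.\-]+).*?\bport\s*[=:]\s*(?P<port>\d{1,5})"),
}
# Kinds whose value must never be copied into the report.
SECRET_KINDS = {"password"}


def scan_log_text(text, source="<text>"):
    """Return one finding per match: source, line number, kind, redacted preview."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        for kind, pattern in PATTERNS.items():
            for m in pattern.finditer(line):
                value = m.group("v")
                preview = line.replace(value, "*" * len(value)) if kind in SECRET_KINDS else line
                finding = {"source": source, "line": lineno, "kind": kind, "preview": preview}
                if kind == "mqtt_endpoint":
                    finding["endpoint"] = f"{value}:{m.group('port')}"
                findings.append(finding)
    return findings


def scan_log_dir(root, suffixes=(".log", ".txt")):
    """Scan every log file under a directory pulled from a device."""
    findings = []
    for path in sorted(Path(root).rglob("*")):
        if path.is_file() and path.suffix.lower() in suffixes:
            text = path.read_text(encoding="utf-8", errors="replace")
            findings.extend(scan_log_text(text, source=str(path)))
    return findings


def summarize(findings):
    """Count findings per kind; any password hit means credential rotation is due."""
    counts = {}
    for f in findings:
        counts[f["kind"]] = counts.get(f["kind"], 0) + 1
    return counts


if __name__ == "__main__":
    for f in scan_log_text(SAMPLE_LOG, source="sample"):
        print(f"{f['source']}:{f['line']} [{f['kind']}] {f['preview']}")
    print(summarize(scan_log_text(SAMPLE_LOG)))
```

Run scan_log_dir against the directory you pulled from the device's external storage (the advisory does not name the application's log path, so take it from an affected device). A non-empty password count is the signal that the credentials must be treated as exposed, whichever version the fleet is now running.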
Business impact
This vulnerability is rated as critical severity with a CVSS score of 9.1, reflecting the extreme risk it poses to the organization. Successful exploitation would grant an attacker complete administrative control over the Telpo MDM platform. This level of access could lead to severe consequences, including the ability to push malicious applications to all managed devices, exfiltrate sensitive corporate data, remotely wipe or lock devices causing major business disruption, and use the compromised devices as a foothold to launch further attacks against the internal network.
Remediation
Immediate Action: Apply the vendor's security update and upgrade all instances of Telpo MDM to the latest patched version. Note that the update stops new leaks but does not by itself remove log files already written to external storage; clear those files from devices and rotate the administrator credentials they may contain. After updating, review the MDM administration portal and its access logs for unauthorized access or configuration changes made before patching, such as logins from unrecognized IP addresses.
Proactive Monitoring: Implement enhanced monitoring on the MDM server and managed devices. Specifically, monitor for unusual administrative login patterns, unexpected policy changes, or mass device commands being issued. On the endpoints, monitor for unauthorized access to the application's log file directories on external storage. Network monitoring should be configured to flag connections to the MQTT server from non-standard or untrusted IP ranges.
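As an added example of the server-side monitoring described above (not part of the advisory or of Telpo's tooling), the script below parses constructed admin-audit lines, flags logins from outside an assumed allowlist of administrator networks, and flags a burst of device commands issued by one account inside a sliding window. The audit line format, the allowed networks and the burst threshold are assumptions to adapt to the real MDM server logs; the same allowlist check applied to the MQTT broker's connection log gives the untrusted-IP alert the text calls for.

```python
"""Flag untrusted admin logins and mass device commands in MDM audit logs.

Added example, not part of the advisory or of Telpo's tooling. The audit
line format, the allowed admin networks and the burst threshold are
assumptions to adapt to the real MDM server logs.
"""
import ipaddress
from collections import deque
from datetime import datetime, timedelta

# Assumption: admin logins are expected only from the corporate admin VLAN
# and the VPN pool. Pass different nets to check the MQTT broker's clients.
ALLOWED_ADMIN_NETS = [ipaddress.ip_network(n) for n in ("10.20.0.0/16", "192.0.2.0/24")]
# Actions that touch managed devices; a burst of these is the "mass command" signal.
DEVICE_COMMANDS = {"install_app", "wipe", "lock", "push_policy"}


def parse_line(line):
    """Parse one constructed 'ts key=value ...' audit line into an event dict."""
    ts, rest = line.split(" ", 1)
    fields = dict(kv.split("=", 1) for kv in rest.split())
    return {
        "ts": datetime.fromisoformat(ts),
        "user": fields["user"],
        "src_ip": fields["src"],
        "action": fields["action"],
        "target": fields.get("target", "-"),
    }


def ip_allowed(ip, nets=ALLOWED_ADMIN_NETS):
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in nets)


def flag_untrusted_logins(events, nets=ALLOWED_ADMIN_NETS):
    """Admin logins whose source address is outside the allowlist."""
    return [e for e in events if e["action"] == "login" and not ip_allowed(e["src_ip"], nets)]


def flag_command_bursts(events, threshold=20, window=timedelta(seconds=60)):
    """Per account, alert once when more than `threshold` device commands
    are issued inside a sliding `window`."""
    alerts, recent, fired = [], {}, set()
    for e in sorted(events, key=lambda ev: ev["ts"]):
        if e["action"] not in DEVICE_COMMANDS:
            continue
        q = recent.setdefault(e["user"], deque())
        q.append(e["ts"])
        while e["ts"] - q[0] > window:      # drop commands older than the window
            q.popleft()
        if len(q) > threshold and e["user"] not in fired:
            fired.add(e["user"])
            alerts.append({"user": e["user"], "src_ip": e["src_ip"], "count": len(q),
                           "first": q[0], "last": e["ts"]})
    return alerts


def _sample_lines():
    """Constructed audit log: a normal day shift, then a night login from an
    unknown address followed by 25 app installs in 25 seconds."""
    lines = [
        "2025-08-01T09:00:00 user=admin src=10.20.0.15 action=login target=-",
        "2025-08-01T09:05:10 user=admin src=10.20.0.15 action=push_policy target=kiosk-policy",
        "2025-08-01T22:41:03 user=admin src=198.51.100.77 action=login target=-",
    ]
    start = datetime.fromisoformat("2025-08-01T22:41:20")
    for i in range(25):
        ts = (start + timedelta(seconds=i)).isoformat(timespec="seconds")
        lines.append(f"{ts} user=admin src=198.51.100.77 action=install_app target=dev-{i:04d}")
    return lines


SAMPLE_LINES = _sample_lines()


def run_report(lines):
    events = [parse_line(ln) for ln in lines]
    return {"untrusted_logins": flag_untrusted_logins(events),
            "command_bursts": flag_command_bursts(events)}


if __name__ == "__main__":
    report = run_report(SAMPLE_LINES)
    for e in report["untrusted_logins"]:
        print(f"LOGIN from untrusted {e['src_ip']} by {e['user']} at {e['ts']}")
    for a in report["command_bursts"]:
        print(f"BURST {a['count']} device commands by {a['user']} from {a['src_ip']} "
              f"between {a['first']} and {a['last']}")
```

The burst detector alerts once per account rather than on every further command, which keeps a real mass-wipe from flooding the queue; tune the threshold to the size of legitimate rollouts in your fleet so a scheduled policy push does not page the on-call engineer.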
Compensating Controls: If patching cannot be performed immediately, implement the following controls to mitigate risk:
- Restrict physical access to all devices running the vulnerable software.
- Utilize a Mobile Threat Defense (MTD) solution to detect and block malicious applications that may attempt to read data from external storage.
- Change the MDM administrator passwords immediately to invalidate any credentials that may have already been exposed.
- Implement network access controls to limit which IP addresses can connect to the MDM management and MQTT servers.
Exploitation status
Public Exploit Available: false
Analyst recommendation
Given the critical CVSS score of 9.1 and the potential for a complete compromise of the device management infrastructure, this vulnerability represents a severe and immediate threat. We strongly recommend that organizations prioritize the deployment of the vendor-supplied patch to all affected Telpo MDM products without delay. Although this CVE is not currently listed on the CISA KEV list, its high impact makes it a prime candidate for future exploitation, and it must be treated as a top-priority remediation task.