A vulnerability classified as problematic was found in ThingsBoard up to 3.6.2. This vulnerability affects unknown code of the component AdvancedFeature. The manipulation leads to improper access controls.
This vulnerability was named CVE-2024-3270. The attack can be initiated remotely. Furthermore, there is an exploit available.
The vendor was contacted early about this disclosure and replied to be planning to fix this issue in version 3.7.