Lucene search

K
cve[email protected]CVE-2023-22597
HistoryJan 12, 2023 - 11:15 p.m.

CVE-2023-22597

2023-01-1223:15:10
CWE-319
web.nvd.nist.gov
24
inhand networks
inrouter 302
inrouter 615
vulnerability
cwe-319
cleartext transmission
sensitive information
mqtt

6.5 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:H/A:N

5.9 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

45.5%

InHand Networks InRouter 302, prior to version IR302 V3.5.56, and InRouter 615, prior to version InRouter6XX-S-V2.3.0.r5542, contain vulnerability CWE-319: Cleartext Transmission of Sensitive Information. They use an unsecured channel to communicate with the cloud platform by default. An unauthorized user could intercept this communication and steal sensitive information such as configuration information and MQTT credentials; this could allow MQTT command injection.

Affected configurations

NVD
Node
inhandnetworksinrouter302_firmwareRange<3.5.56
AND
inhandnetworksinrouter302Match-
Node
inhandnetworksinrouter615-s_firmwareRange<2.3.0.r5542
AND
inhandnetworksinrouter615-sMatch-

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "InRouter 302",
    "vendor": "InHand Networks",
    "versions": [
      {
        "lessThan": "IR302 V3.5.56",
        "status": "affected",
        "version": "0",
        "versionType": "custom"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "product": "InRouter 615",
    "vendor": "InHand Networks",
    "versions": [
      {
        "lessThan": "InRouter6XX-S-V2.3.0.r5542",
        "status": "affected",
        "version": "0",
        "versionType": "custom"
      }
    ]
  }
]

6.5 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:H/A:N

5.9 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

45.5%

Related for CVE-2023-22597