CVE-2023-22600

🗓️ 12 Jan 2023 22:33:16Reported by icscertType

InHand Networks InRouter 302 and InRouter 615 before respective versions allow unauthenticated MQTT topic subscriptions, leading to improper access control

Reporter	Title	Published	Views	Family All 15
BDU FSTEC	The vulnerability of InHand Networks InRouter 302 and InRouter 615’s microprogramming software, related to deficiencies in access control, allows attackers to execute arbitrary commands.	3 Feb 202300:00	–	bdu_fstec
Circl	CVE-2023-22600	16 May 202317:37	–	circl
CNNVD	InHand Networks InRouter302 安全漏洞	12 Jan 202300:00	–	cnnvd
Cvelist	CVE-2023-22600	12 Jan 202322:33	–	cvelist
EUVD	EUVD-2023-26737	3 Oct 202520:07	–	euvd
ICS	InHand Networks InRouter	12 Jan 202300:00	–	ics
NVD	CVE-2023-22600	12 Jan 202323:15	–	nvd
Prion	Improper access control	12 Jan 202323:15	–	prion
Positive Technologies	PT-2023-1283 · Inhand Networks · Inrouter 615 +1	12 Jan 202300:00	–	ptsecurity
RedhatCVE	CVE-2023-22600	23 May 202504:45	–	redhatcve

NVD

Vulners

Node

inhandnetworks inrouter302_firmwareRange<3.5.56

AND

inhandnetworks inrouter302Match-

Node

inhandnetworks inrouter615-s_firmwareRange<2.3.0.r5542

AND

inhandnetworks inrouter615-sMatch-

[
  {
    "defaultStatus": "unaffected",
    "product": "InRouter 302",
    "vendor": "InHand Networks",
    "versions": [
      {
        "lessThan": "IR302 V3.5.56",
        "status": "affected",
        "version": "0",
        "versionType": "custom"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "product": "InRouter 615",
    "vendor": "InHand Networks",
    "versions": [
      {
        "lessThan": "InRouter6XX-S-V2.3.0.r5542",
        "status": "affected",
        "version": "0",
        "versionType": "custom"
      }
    ]
  }
]

Source	Link
cisa	www.cisa.gov/uscert/ics/advisories/icsa-23-012-03

17 Jun 2026 05:35Current

7.2High risk

Vulners AI Score7.2

CVSS 3.18.1 - 10

EPSS0.00492

SSVC

CWE-284