Lucene search

K
cve[email protected]CVE-2023-22600
HistoryJan 12, 2023 - 11:15 p.m.

CVE-2023-22600

2023-01-1223:15:10
CWE-284
web.nvd.nist.gov
20
inhand networks
inrouter 302
inrouter 615
vulnerability
cve-2023-22600
cwe-284
improper access control
mqtt
network security

10 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:H/A:H

7.2 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

50.1%

InHand Networks InRouter 302, prior to version IR302 V3.5.56, and InRouter 615, prior to version InRouter6XX-S-V2.3.0.r5542, contain vulnerability CWE-284: Improper Access Control. TheyΒ allow unauthenticated devices to subscribe to MQTT topics on the same network as the device manager. An unauthorized user who knows of an existing topic name could send and receive messages to and from that topic. This includes the ability to send GET/SET configuration commands, reboot commands, and push firmware updates.

Affected configurations

NVD
Node
inhandnetworksinrouter302_firmwareRange<3.5.56
AND
inhandnetworksinrouter302Match-
Node
inhandnetworksinrouter615-s_firmwareRange<2.3.0.r5542
AND
inhandnetworksinrouter615-sMatch-

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "InRouter 302",
    "vendor": "InHand Networks",
    "versions": [
      {
        "lessThan": "IR302 V3.5.56",
        "status": "affected",
        "version": "0",
        "versionType": "custom"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "product": "InRouter 615",
    "vendor": "InHand Networks",
    "versions": [
      {
        "lessThan": "InRouter6XX-S-V2.3.0.r5542",
        "status": "affected",
        "version": "0",
        "versionType": "custom"
      }
    ]
  }
]

10 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:H/A:H

7.2 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

50.1%

Related for CVE-2023-22600