CVE-2023-22600

🗓️ 12 Jan 2023 22:33:16Reported by icscertType

InHand Networks InRouter 302 and InRouter 615 prior to specified versions allow unauthenticated devices to access MQTT topics, enabling unauthorized users to send and receive messages and execute commands

Reporter	Title	Published	Views	Family All 15
BDU FSTEC	The vulnerability of InHand Networks InRouter 302 and InRouter 615’s microprogramming software, related to deficiencies in access control, allows attackers to execute arbitrary commands.	3 Feb 202300:00	–	bdu_fstec
Circl	CVE-2023-22600	16 May 202317:37	–	circl
CNNVD	InHand Networks InRouter302 安全漏洞	12 Jan 202300:00	–	cnnvd
CVE	CVE-2023-22600	12 Jan 202322:33	–	cve
EUVD	EUVD-2023-26737	3 Oct 202520:07	–	euvd
ICS	InHand Networks InRouter	12 Jan 202300:00	–	ics
NVD	CVE-2023-22600	12 Jan 202323:15	–	nvd
Prion	Improper access control	12 Jan 202323:15	–	prion
Positive Technologies	PT-2023-1283 · Inhand Networks · Inrouter 615 +1	12 Jan 202300:00	–	ptsecurity
RedhatCVE	CVE-2023-22600	23 May 202504:45	–	redhatcve

[
  {
    "defaultStatus": "unaffected",
    "product": "InRouter 302",
    "vendor": "InHand Networks",
    "versions": [
      {
        "lessThan": "IR302 V3.5.56",
        "status": "affected",
        "version": "0",
        "versionType": "custom"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "product": "InRouter 615",
    "vendor": "InHand Networks",
    "versions": [
      {
        "lessThan": "InRouter6XX-S-V2.3.0.r5542",
        "status": "affected",
        "version": "0",
        "versionType": "custom"
      }
    ]
  }
]

Source	Link
cisa	www.cisa.gov/uscert/ics/advisories/icsa-23-012-03

12 Jan 2023 22:33Current

9.6High risk

Vulners AI Score9.6

CVSS 3.110

EPSS0.00243

CWE-284