Lucene search

[email protected]NVD:CVE-2023-22597

HistoryJan 12, 2023 - 11:15 p.m.

CVE-2023-22597

2023-01-1223:15:10

CWE-319

[email protected]

web.nvd.nist.gov

inrouter

vulnerability

cwe-319

cleartext transmission

sensitive information

cloud platform

unauthorized user

intercept communication

mqtt credentials

command injection

5.9 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

7 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

46.5%

JSON

InHand Networks InRouter 302, prior to version IR302 V3.5.56, and InRouter 615, prior to version InRouter6XX-S-V2.3.0.r5542, contain vulnerability CWE-319: Cleartext Transmission of Sensitive Information. They use an unsecured channel to communicate with the cloud platform by default. An unauthorized user could intercept this communication and steal sensitive information such as configuration information and MQTT credentials; this could allow MQTT command injection.

Affected configurations

NVD

Node

inhandnetworksinrouter302_firmwareRange<3.5.56

AND

inhandnetworksinrouter302Match-

Node

inhandnetworksinrouter615-s_firmwareRange<2.3.0.r5542

AND

inhandnetworksinrouter615-sMatch-

References

www.cisa.gov/uscert/ics/advisories/icsa-23-012-03

5.9 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

7 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

46.5%

JSON

Related for NVD:CVE-2023-22597

cve1 prion1 cvelist1 ics1