NVD:CVE-2023-22601
History: Jan 12, 2023 - 11:15 p.m.

CVE-2023-22601

2023-01-12 23:15:10
CWE-330
web.nvd.nist.gov
inhand networks
inrouter devices
insufficiently randomized
mqtt
cwe-330
unauthorized access

CVSS3: 8.6 High

Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: CHANGED
Confidentiality Impact: HIGH
Integrity Impact: NONE
Availability Impact: NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N

AI Score: 9.5 High (Confidence: High)

EPSS: 0.002 Low (Percentile: 56.2%)

InHand Networks InRouter 302, prior to version IR302 V3.5.56, and InRouter 615, prior to version InRouter6XX-S-V2.3.0.r5542, contain vulnerability CWE-330: Use of Insufficiently Random Values. They do not properly randomize MQTT ClientID parameters. An unauthorized user could calculate this parameter and use it to gather additional information about other InHand devices managed on the same cloud platform.

Affected configurations

NVD

Node
inhandnetworks inrouter302_firmware, Range: <3.5.56
AND
inhandnetworks inrouter302, Match: -

Node
inhandnetworks inrouter615-s_firmware, Range: <2.3.0.r5542
AND
inhandnetworks inrouter615-s, Match: -
