Lucene search

PRIOn knowledge basePRION:CVE-2023-22597

HistoryJan 12, 2023 - 11:15 p.m.

Command injection

2023-01-1223:15:00

PRIOn knowledge base

www.prio-n.com

inhand networks

inrouter 302

inrouter 615

vulnerability

cleartext transmission

sensitive information

unauthorized user

communication

cloud platform

intercept

configuration information

mqtt credentials

command injection

6.8 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

46.5%

JSON

InHand Networks InRouter 302, prior to version IR302 V3.5.56, and InRouter 615, prior to version InRouter6XX-S-V2.3.0.r5542, contain vulnerability CWE-319: Cleartext Transmission of Sensitive Information. They use an unsecured channel to communicate with the cloud platform by default. An unauthorized user could intercept this communication and steal sensitive information such as configuration information and MQTT credentials; this could allow MQTT command injection.

CPENameOperatorVersion
inrouter302_firmwarelt3.5.56
inrouter615-s_firmwareeq< 2.3.0.r5542

CPE	Name	Operator	Version
	inrouter302_firmware	lt	3.5.56
	inrouter615-s_firmware	eq	< 2.3.0.r5542

References

www.cisa.gov/uscert/ics/advisories/icsa-23-012-03