Design/Logic Flaw

2023-11-1522:15:00

PRIOn knowledge base

www.prio-n.com

kloudq technologies

tor equip

tor loco mini

design flaw

remote code execution

crafted request

mqtt

8.1 High

AI Score

Confidence

Low

0.003 Low

EPSS

Percentile

68.2%

JSON

An issue in Kloudq Technologies Limited Tor Equip 1.0, Tor Loco Mini 1.0 through 3.1 allows a remote attacker to execute arbitrary code via a crafted request to the MQTT component.

CPENameOperatorVersion
tor_equip_gatewayeq1.0
tor_lenzeq0.0.1
tor_loco_minge1.0
tor_loco_minle3.1
tor_shieldeq1.0

Name	Operator	Version
tor_equip_gateway	eq	1.0
tor_lenz	eq	0.0.1
tor_loco_min	ge	1.0
tor_loco_min	le	3.1
tor_shield	eq	1.0

References

writeups.ayyappan.me/v/tor-iot-mqtt/