2 matches found
PT-2026-39640
In Meari IoT Cloud MQTT Broker deployments running EMQX 4.x, any authenticated low-privilege account can subscribe to global wildcard topics and receive telemetry from devices the user does not own. The broker enforces publish restrictions but does not enforce equivalent subscribe authorization a...
PT-2019-4894 · Eclipse +3 · Eclipse Mosquitto +3
Name of the Vulnerable Software and Affected Versions: Eclipse Mosquitto versions 1.5.0 through 1.6.5 Description: The issue is related to insufficient exception state checking, which can be exploited by a remote attacker to cause a denial of service. This can happen when a malicious MQTT client...