Lucene search
K
ConnectedioConnected Io

7 matches found

CVE
CVE
added 2023/08/04 12:0 a.m.2502 views

CVE-2023-33372

Affected software: Connected IO v2.1.0 and prior. Vulnerability details: uses a hard-coded username/password pair embedded in device firmware for MQTT communication. Impact: an attacker with access to these credentials can connect to the MQTT broker, send messages on behalf of devices, impersonat...

9.8CVSS9.4AI score0.00759EPSS
CVE
CVE
added 2023/08/04 12:0 a.m.52 views

CVE-2023-33377

CVE-2023-33377 affects Connected IO ER2000 edge routers v2.1.0 and prior. The vulnerability is an OS command injection in the “set firewall” command within the device’s communication protocol, enabling an attacker to execute arbitrary OS commands on the device. NVD/Red Hat/CNNVD references consis...

9.8CVSS9.9AI score0.01505EPSS
CVE
CVE
added 2023/08/04 12:0 a.m.49 views

CVE-2023-33375

CVE-2023-33375 affects Connected IO ER2000 edge routers (v2.1.0 and earlier). The vulnerability is a stack-based buffer overflow in the device’s communication protocol that enables an attacker to take control of the device. Documented impact is high (CVE score 9.8; Confidentiality/Integrity/Avail...

9.8CVSS9.7AI score0.00836EPSS
CVE
CVE
added 2023/08/04 12:0 a.m.48 views

CVE-2023-33378

CVE-2023-33378 affects Connected IO ER2000 edge routers (v2.1.0 and prior). The vulnerability is an argument injection flaw in the AT command message within the device’s communication protocol, which could allow an unauthenticated attacker to execute arbitrary OS commands on affected devices. The...

9.8CVSS9.9AI score0.00819EPSS
CVE
CVE
added 2023/08/04 12:0 a.m.45 views

CVE-2023-33374

Connected IO v2.1.0 and earlier are vulnerable due to a command in the communication protocol that allows the management platform to specify arbitrary OS commands for devices to execute, causing arbitrary remote command execution. Affected component: the device communication protocol in Connected...

9.8CVSS9.7AI score0.01323EPSS
CVE
CVE
added 2023/08/04 12:0 a.m.43 views

CVE-2023-33376

CVE-2023-33376 affects Connected IO ER2000 edge routers (v2.1.0 and prior). Root cause: argument injection in the iptables command message within the device’s communication protocol. Impact: attackers can remotely execute arbitrary OS commands on affected devices. CVSSv3.1 base score 9.8 (CRITICA...

9.8CVSS9.9AI score0.00819EPSS
CVE
CVE
added 2023/08/04 12:0 a.m.42 views

CVE-2023-33373

Connected IO CVE-2023-33373 affects v2.1.0 and earlier, where passwords and credentials are stored in clear-text, enabling credential exfiltration and device impersonation. Impact is credential leakage with total compromise potential; exploitation is described conceptually, with no explicit in-wi...

9.8CVSS9.3AI score0.00418EPSS