7 matches found
CVE-2023-33372
Affected software: Connected IO v2.1.0 and prior. Vulnerability details: uses a hard-coded username/password pair embedded in device firmware for MQTT communication. Impact: an attacker with access to these credentials can connect to the MQTT broker, send messages on behalf of devices, impersonat...
CVE-2023-33377
CVE-2023-33377 affects Connected IO ER2000 edge routers v2.1.0 and prior. The vulnerability is an OS command injection in the “set firewall” command within the device’s communication protocol, enabling an attacker to execute arbitrary OS commands on the device. NVD/Red Hat/CNNVD references consis...
CVE-2023-33375
CVE-2023-33375 affects Connected IO ER2000 edge routers (v2.1.0 and earlier). The vulnerability is a stack-based buffer overflow in the device’s communication protocol that enables an attacker to take control of the device. Documented impact is high (CVE score 9.8; Confidentiality/Integrity/Avail...
CVE-2023-33378
CVE-2023-33378 affects Connected IO ER2000 edge routers (v2.1.0 and prior). The vulnerability is an argument injection flaw in the AT command message within the device’s communication protocol, which could allow an unauthenticated attacker to execute arbitrary OS commands on affected devices. The...
CVE-2023-33374
Connected IO v2.1.0 and earlier are vulnerable due to a command in the communication protocol that allows the management platform to specify arbitrary OS commands for devices to execute, causing arbitrary remote command execution. Affected component: the device communication protocol in Connected...
CVE-2023-33376
CVE-2023-33376 affects Connected IO ER2000 edge routers (v2.1.0 and prior). Root cause: argument injection in the iptables command message within the device’s communication protocol. Impact: attackers can remotely execute arbitrary OS commands on affected devices. CVSSv3.1 base score 9.8 (CRITICA...
CVE-2023-33373
Connected IO CVE-2023-33373 affects v2.1.0 and earlier, where passwords and credentials are stored in clear-text, enabling credential exfiltration and device impersonation. Impact is credential leakage with total compromise potential; exploitation is described conceptually, with no explicit in-wi...