#VU71153 Improper access control in InRouter302 and InRouter 615 - CVE-2023-22600

 


Published: January 13, 2023 / Updated: January 16, 2023


Vulnerability identifier: #VU71153
Vulnerability risk: High
CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber
CVE-ID: CVE-2023-22600
CWE-ID: CWE-284
Exploitation vector: Remote access
Exploit availability: No public exploit available
Vulnerable software: InRouter302, InRouter 615
Software vendor: InHand Networks

Description

The vulnerability allows a remote attacker to gain unauthorized access to otherwise restricted functionality.

The vulnerability exists because the affected products allow unauthenticated devices to subscribe to MQTT topics on the same network as the device manager. A remote attacker can send GET/SET configuration commands and reboot commands, and push firmware updates.


Remediation

Install updates from the vendor's website.
