InHand Networks InRouter 302, prior to version IR302 V3.5.56, and InRouter 615, prior to version InRouter6XX-S-V2.3.0.r5542, contain vulnerability CWE-319: Cleartext Transmission of Sensitive Information. They use an unsecured channel to communicate with the cloud platform by default. An unauthorized user could intercept this communication and steal sensitive information such as configuration information and MQTT credentials; this could allow MQTT command injection.
References
Link | Resource |
---|---|
https://www.cisa.gov/uscert/ics/advisories/icsa-23-012-03 | Third Party Advisory US Government Resource |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: icscert
Published: 2023-01-12T22:27:53.790Z
Updated:
Reserved: 2023-01-03T19:55:20.124Z
Link: CVE-2023-22597
JSON object: View
NVD Information
Status : Modified
Published: 2023-01-12T23:15:10.203
Modified: 2023-11-07T04:07:04.990
Link: CVE-2023-22597
JSON object: View
Redhat Information
No data.
CWE