Connected IO v2.1.0 and prior has a misconfiguration in their MQTT broker used for management and device communication, which allows devices to connect to the broker and issue commands to other device, impersonating Connected IO management platform and sending commands to all of Connected IO's devices.
References
Link | Resource |
---|---|
https://claroty.com/team82/disclosure-dashboard/cve-2023-33379 | Third Party Advisory |
https://www.connectedio.com/products/routers | Product |
https://claroty.com/team82/disclosure-dashboard/cve-2023-33379 | Third Party Advisory |
https://www.connectedio.com/products/routers | Product |
Configurations
Configuration 1 (hide)
AND |
|
History
21 Nov 2024, 08:05
Type | Values Removed | Values Added |
---|---|---|
References | () https://claroty.com/team82/disclosure-dashboard/cve-2023-33379 - Third Party Advisory | |
References | () https://www.connectedio.com/products/routers - Product | |
Summary |
|
10 Aug 2023, 15:34
Type | Values Removed | Values Added |
---|---|---|
References | (MISC) https://www.connectedio.com/products/routers - Product | |
References | (MISC) https://claroty.com/team82/disclosure-dashboard/cve-2023-33379 - Third Party Advisory | |
CWE | NVD-CWE-noinfo | |
CPE | cpe:2.3:o:connectedio:er2000t-vz-cat1_firmware:*:*:*:*:*:*:*:* cpe:2.3:h:connectedio:er2000t-vz-cat1:-:*:*:*:*:*:*:* |
|
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 9.8 |
04 Aug 2023, 18:53
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2023-08-04 18:15
Updated : 2024-11-21 08:05
NVD link : CVE-2023-33379
Mitre link : CVE-2023-33379
CVE.ORG link : CVE-2023-33379
JSON object : View
Products Affected
connectedio
- er2000t-vz-cat1_firmware
- er2000t-vz-cat1
CWE