How severe is CVE-2023-22601?

CVE-2023-22601 has a CVSS v3 score of 10 (CRITICAL).

CVE-2023-22601

10.0CRITICAL

InHand Networks InRouter 302, prior to version IR302 V3.5.56, and InRouter 615, prior to version InRouter6XX-S-V2.3.0.r5542, contain vulnerability CWE-330: Use of Insufficiently Random Values. They d

게시됨: 1/12/2023업데이트됨: 11/21/2024

설명

InHand Networks InRouter 302, prior to version IR302 V3.5.56, and InRouter 615, prior to version InRouter6XX-S-V2.3.0.r5542, contain vulnerability CWE-330: Use of Insufficiently Random Values. They do not properly randomize MQTT ClientID parameters. An unauthorized user could calculate this parameter and use it to gather additional information about other InHand devices managed on the same cloud platform.

AI 분석AI 기반

영향받는 제품

inhandnetworksinrouter302_firmware

inhandnetworksinrouter302

inhandnetworksinrouter615-s_firmware

inhandnetworksinrouter615-s

참조

https://www.cisa.gov/uscert/ics/advisories/icsa-23-012-03
Third Party AdvisoryUS Government Resource
https://www.cisa.gov/uscert/ics/advisories/icsa-23-012-03
Third Party AdvisoryUS Government Resource