How severe is CVE-2023-22601?

CVE-2023-22601 has a CVSS v3 score of 10 (CRITICAL).

CVE-2023-22601

10.0CRITICAL

InHand Networks InRouter 302, prior to version IR302 V3.5.56, and InRouter 615, prior to version InRouter6XX-S-V2.3.0.r5542, contain vulnerability CWE-330: Use of Insufficiently Random Values. They d

Опубликовано: 1/12/2023Обновлено: 11/21/2024

Описание

InHand Networks InRouter 302, prior to version IR302 V3.5.56, and InRouter 615, prior to version InRouter6XX-S-V2.3.0.r5542, contain vulnerability CWE-330: Use of Insufficiently Random Values. They do not properly randomize MQTT ClientID parameters. An unauthorized user could calculate this parameter and use it to gather additional information about other InHand devices managed on the same cloud platform.

ИИ-АнализНа базе ИИ

Затронутые продукты

inhandnetworksinrouter302_firmware

inhandnetworksinrouter302

inhandnetworksinrouter615-s_firmware

inhandnetworksinrouter615-s

Ссылки

https://www.cisa.gov/uscert/ics/advisories/icsa-23-012-03
Third Party AdvisoryUS Government Resource
https://www.cisa.gov/uscert/ics/advisories/icsa-23-012-03
Third Party AdvisoryUS Government Resource