IcscertCVE-2023-22597CVE-2023-22597
CVSS3
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:H/A:N
AI Score
Confidence
High
EPSS
Percentile
46.9%
InHand Networks InRouter 302, prior to version IR302 V3.5.56, and InRouter 615, prior to version InRouter6XX-S-V2.3.0.r5542, contain vulnerability CWE-319: Cleartext Transmission of Sensitive Information. They use an unsecured channel to communicate with the cloud platform by default. An unauthorized user could intercept this communication and steal sensitive information such as configuration information and MQTT credentials; this could allow MQTT command injection.
Affected configurations
| Vendor | Product | Version | CPE |
|---|---|---|---|
| inhandnetworks | inrouter302_firmware | * | cpe:2.3:o:inhandnetworks:inrouter302_firmware:*:*:*:*:*:*:*:* |
| inhandnetworks | inrouter302 | - | cpe:2.3:h:inhandnetworks:inrouter302:-:*:*:*:*:*:*:* |
| inhandnetworks | inrouter615-s_firmware | * | cpe:2.3:o:inhandnetworks:inrouter615-s_firmware:*:*:*:*:*:*:*:* |
| inhandnetworks | inrouter615-s | - | cpe:2.3:h:inhandnetworks:inrouter615-s:-:*:*:*:*:*:*:* |
CNA Affected
[
{
"defaultStatus": "unaffected",
"product": "InRouter 302",
"vendor": "InHand Networks",
"versions": [
{
"lessThan": "IR302 V3.5.56",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "InRouter 615",
"vendor": "InHand Networks",
"versions": [
{
"lessThan": "InRouter6XX-S-V2.3.0.r5542",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
]Related
CVSS3
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:H/A:N
AI Score
Confidence
High
EPSS
Percentile
46.9%