CVE Vulnerabilities

CVE-2023-33379

Published: Aug 04, 2023 | Modified: Aug 10, 2023
CVSS 3.x
9.8
CRITICAL
Source:
NVD
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CVSS 2.x
RedHat/V2
RedHat/V3
Ubuntu

Connected IO v2.1.0 and prior has a misconfiguration in their MQTT broker used for management and device communication, which allows devices to connect to the broker and issue commands to other device, impersonating Connected IO management platform and sending commands to all of Connected IOs devices.

Affected Software

Name Vendor Start Version End Version
Er2000t-vz-cat1_firmware Connectedio * 2.1.0 (including)

References