Vulnerabilities > CVE-2023-22601 - Unspecified vulnerability in Inhandnetworks Inrouter302 Firmware and Inrouter615-S Firmware

CVSS 8.6 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

HIGH

Integrity impact

NONE

Availability impact

NONE

network

low complexity

inhandnetworks

NVD

Published: 2023-01-12

Updated: 2024-11-21

Summary

InHand Networks InRouter 302, prior to version IR302 V3.5.56, and InRouter 615, prior to version InRouter6XX-S-V2.3.0.r5542, contain vulnerability CWE-330: Use of Insufficiently Random Values. They do not properly randomize MQTT ClientID parameters. An unauthorized user could calculate this parameter and use it to gather additional information about other InHand devices managed on the same cloud platform.

Vulnerable Configurations

Part	Description	Count
OS	Inhandnetworks Inhandnetworks Inrouter302 Firmware - Inhandnetworks Inrouter302 Firmware 3.5.4 Inhandnetworks Inrouter302 Firmware 3.5.37 Inhandnetworks Inrouter302 Firmware 3.5.45 Inhandnetworks Inrouter615 S Firmware *	5
Hardware	Inhandnetworks Inhandnetworks Inrouter302 - Inhandnetworks Inrouter615 S -	2

Summary

Vulnerable Configurations

References