CVE-2023-33372

CVSS 3.1 Score 9.8 of 10 (high)

Details

Published Aug 4, 2023

Updated: Aug 8, 2023

CWE ID 798

Summary

CVE-2023-33372: connectedIO's v2.1.0 and older devices contain hard-coded credentials for MQTT communication. An attacker who obtains these credentials can impersonate devices by connecting to the MQTT broker and sending unauthorized messages. Furthermore, they can bypass authentication by signing arbitrary session tokens using these credentials. This vulnerability poses a significant risk to device security and authentication processes.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

https://app.recordedfuture.com/live/sc/entity/sOPjfs
https://www.cve.org/CVERecord?id=CVE-2023-33372
https://nvd.nist.gov/vuln/detail/CVE-2023-33372

Back to Vulnerability Database

CVE-2023-33372

CVSS 3.1 Score 9.8 of 10 (high)

Details

Summary

Advisories, Assessments, and Mitigations