CVE-2023-6248

CVSS 3.1 Score 9.8 of 10 (high)

Details

Published Nov 21, 2023

Updated: Dec 4, 2023

CWE ID 319

CWE ID 94

CWE ID 287

CWE ID 200

Summary

CVE-2023-6248 is a critical vulnerability affecting the Syrus4 IoT gateway. The issue stems from an unsecured MQTT server that allows remote, unauthenticated attackers to execute arbitrary commands on any connected Syrus4 device. This server also leaks sensitive information, including location data, video feeds, and diagnostic data, which can be accessed by an attacker knowing the server IP address. The attacker can perform various operations such as immobilizing vehicles, sending audio messages to drivers, and getting live video through connected cameras. These actions pose significant security risks and require immediate mitigation measures.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Share

Advisories, Assessments, and Mitigations

Back to Vulnerability Database