PT-2023-2790 · Inhand Networks · Inrouter 615

Otorio · Published 2023-01-12 · Updated 2023-05-16 · CVE-2023-22601

CVSS v3.1: 10 (Critical)

Vector: AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:H/A:H

Name of the Vulnerable Software and Affected Versions

InHand Networks InRouter 302 versions prior to IR302 V3.5.56
InHand Networks InRouter 615 versions prior to InRouter6XX-S-V2.3.0.r5542

Description

The issue is related to the use of insufficiently random values, specifically with the MQTT ClientID parameters, which are not properly randomized. This could allow an unauthorized user to calculate the parameter and gather additional information about other InHand devices managed on the same cloud platform.

Recommendations

For InHand Networks InRouter 302 versions prior to IR302 V3.5.56, update to version IR302 V3.5.56 or later to resolve the issue. For InHand Networks InRouter 615 versions prior to InRouter6XX-S-V2.3.0.r5542, update to version InRouter6XX-S-V2.3.0.r5542 or later to resolve the issue. As a temporary workaround, consider restricting access to the MQTT ClientID parameter to minimize the risk of exploitation.

Fix

Weakness Enumeration

Use of Insufficiently Random Values

Related Identifiers

BDU:2023-02687
CVE-2023-22601

Affected Products

Inrouter302
Inrouter 615