Unknown · OpenThread · CVE-2023-2626
**Name of the Vulnerable Software and Affected Versions**
OpenThread border router devices and implementations (affected versions not specified)
**Description**
The issue is an authentication bypass vulnerability that allows unauthenticated nodes to craft radio frames using a special mode called `Key ID Mode 2`. This mode uses a static encryption key to bypass security checks, resulting in arbitrary IP packets being allowed on the Thread network. This provides a pathway for an attacker to send or receive arbitrary IPv6 packets to devices on the LAN, potentially exploiting them if they lack additional authentication or contain network vulnerabilities that would normally be mitigated by the home router's NAT firewall.
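For defenders reviewing captured IEEE 802.15.4 traffic, the following added example (not OpenThread code and not part of the original advisory) locates the auxiliary security header of a frame and reports which frames use Key Identifier Mode 2. It assumes the frame version 1 (IEEE 802.15.4-2006) header layout and raw MAC frames without the trailing FCS; the function names and sample frames are constructed for illustration.

```python
import struct

# Addressing mode -> address length in bytes (mode 1 is reserved).
ADDR_LEN = {0: 0, 2: 2, 3: 8}

def key_id_mode(frame: bytes):
    """Return the Key Identifier Mode (0-3) of a secured 802.15.4 frame.

    Returns None for unsecured or truncated frames and for frame versions
    other than 1, whose addressing rules differ from those handled here.
    """
    if len(frame) < 3:
        return None
    (fcf,) = struct.unpack_from("<H", frame, 0)  # Frame Control, little endian
    security_enabled = bool(fcf & 0x0008)
    pan_id_compression = bool(fcf & 0x0040)
    dst_mode = (fcf >> 10) & 0x3
    version = (fcf >> 12) & 0x3
    src_mode = (fcf >> 14) & 0x3
    if not security_enabled or version != 1:
        return None
    if dst_mode not in ADDR_LEN or src_mode not in ADDR_LEN:
        return None
    offset = 3  # Frame Control (2 bytes) + Sequence Number (1 byte)
    if dst_mode:
        offset += 2 + ADDR_LEN[dst_mode]  # destination PAN ID + address
    if src_mode:
        # Source PAN ID is omitted when PAN ID compression is set.
        offset += (0 if pan_id_compression and dst_mode else 2) + ADDR_LEN[src_mode]
    if offset >= len(frame):
        return None
    # Security Control: bits 0-2 security level, bits 3-4 Key Identifier Mode.
    return (frame[offset] >> 3) & 0x3

def flag_mode2(frames):
    """Return the indexes of frames whose auxiliary header uses Key ID Mode 2."""
    return [i for i, f in enumerate(frames) if key_id_mode(f) == 2]

# Constructed sample frames (not captured traffic); payloads are placeholders.
MODE2 = bytes.fromhex("4998 01 3412 ffff 0100 15 00000000 aabbccdd 01 00")
MODE1 = bytes.fromhex("4998 02 3412 ffff 0100 0d 00000001 01 00")
PLAIN = bytes.fromhex("4198 03 3412 ffff 0100 00")

if __name__ == "__main__":
    print(flag_mode2([MODE2, MODE1, PLAIN]))
```

The check reads only the unencrypted MAC header, so it needs no key material and can run over a sniffer capture offline.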
**Recommendations**
At the moment, there is no information about a newer version that contains a fix for this vulnerability.