PT-2023-1275 · InHand Networks · InRouter 615 +1

Otorio +1 · Published 2023-01-03 · Updated 2023-01-23 · CVE-2023-22597

CVSS v3.1: 6.5 (Medium)

Vector: AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:H/A:N

Name of the Vulnerable Software and Affected Versions

InHand Networks InRouter 302 versions prior to IR302 V3.5.56
InHand Networks InRouter 615 versions prior to InRouter6XX-S-V2.3.0.r5542

Description

The issue is related to the use of an unsecured channel for data transmission by default, which may allow a remote attacker to gain unauthorized access to sensitive information or execute arbitrary commands using the MQTT protocol. This could enable an unauthorized user to intercept communication and steal sensitive information, such as configuration information and MQTT credentials, potentially allowing MQTT command injection.

Recommendations

For InHand Networks InRouter 302 versions prior to IR302 V3.5.56, update to version IR302 V3.5.56 or later.
For InHand Networks InRouter 615 versions prior to InRouter6XX-S-V2.3.0.r5542, update to version InRouter6XX-S-V2.3.0.r5542 or later.
As a temporary workaround, consider restricting access to the MQTT protocol to minimize the risk of exploitation.

Fix

Weakness Enumeration

Cleartext Transmission of Sensitive Information

Related Identifiers

BDU:2023-00543
CVE-2023-22597

Affected Products

InRouter 302
InRouter 615