PT-2023-24324 · Unknown · Connected IO

Published: 2023-08-04 · Updated: 2023-08-10 · CVE-2023-33379

CVSS v3.1: 9.8 (Critical)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: Connected IO versions 2.1.0 and prior

Description: The issue stems from a misconfiguration of the MQTT broker used for management and device communication. Because of this misconfiguration, any device that connects to the broker can issue commands to other devices, effectively impersonating the Connected IO management platform. As a result, an attacker could send commands to all of Connected IO's devices.

Recommendations: For versions 2.1.0 and prior, restrict access to the MQTT broker so that unauthorized devices cannot connect and issue commands. As a temporary workaround, restrict the ability of devices to impersonate the management platform until a proper fix is applied. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
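The misconfiguration described above comes down to broker authorization: a device only needs to publish its own status and subscribe to its own command topic, while publishing to other devices' command topics should be reserved for the management platform identity. The following added example (not Connected IO's code; the advisory does not name the broker, so Mosquitto-style ACL syntax and the topic layout devices/<id>/cmd and devices/<id>/status are assumptions) evaluates a weak rule set beside a hardened one to show which publishes each permits.

```python
# Constructed example: a minimal evaluator for Mosquitto-style ACL rules, to
# show why a broker with no per-client rules lets one device command another.
ACL_WEAK = "topic readwrite #\n"  # one general rule: anyone may publish anywhere
ACL_HARDENED = """
user mgmt-platform
topic write devices/+/cmd
topic read devices/+/status
# devices authenticate with username == client id; %c is the client id
pattern write devices/%c/status
pattern read devices/%c/cmd
"""
def topic_matches(acl_filter, topic):
    """MQTT filter match: '+' is one level, '#' the rest of the topic."""
    f, t = acl_filter.split("/"), topic.split("/")
    for i, part in enumerate(f):
        if part == "#":
            return True
        if i >= len(t) or (part != "+" and part != t[i]):
            return False
    return len(f) == len(t)
def parse_acl(text):
    """Rules as (kind, user, access, filter); general 'topic' lines get user None."""
    rules, user = [], None
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        kw, rest = line.split(None, 1)
        if kw == "user":
            user = rest
        elif kw in ("topic", "pattern"):
            parts = rest.split(None, 1)
            access, flt = parts if len(parts) == 2 else ("readwrite", parts[0])
            rules.append((kw, user if kw == "topic" else None, access, flt))
    return rules
def allowed(rules, client_id, username, topic, action):
    """action is 'write' (publish) or 'read' (subscribe). Simplified semantics:
    general rules apply to anonymous clients, user rules to that username,
    pattern rules to everyone after %c/%u substitution."""
    for kind, user, access, flt in rules:
        if access not in (action, "readwrite"):
            continue
        if kind == "topic" and user != username:
            continue
        if kind == "pattern":
            flt = flt.replace("%c", client_id).replace("%u", username or "")
        if topic_matches(flt, topic):
            return True
    return False
```

Under ACL_WEAK an anonymous device may publish to devices/device-42/cmd, which is the impersonation the advisory describes; under ACL_HARDENED only mgmt-platform may, and each device is confined to its own topics.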

Related Identifiers

CVE-2023-33379

Affected Products

Connected IO