PT-2023-32575 · Unknown · Syrus4 Iot Gateway

Yashin Mehaboobe · Published 2023-11-21 · Updated 2023-12-09 · CVE-2023-6248

CVSS v3.1: 10 (Critical)

Vector: AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Syrus4 IoT Gateway (affected versions not specified)

Description

The Syrus4 IoT gateway has an unsecured MQTT server, allowing a remote unauthenticated attacker to execute arbitrary commands on connected devices. This exposes location, video, and diagnostic data from each device. An attacker with the server's IP address can connect and perform various operations, including getting location data, sending CAN bus messages, immobilizing vehicles, accessing live video, and sending audio messages to drivers. The issue potentially affects thousands of vehicles.

Recommendations

At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Cleartext Transmission of Sensitive Information

Improper Authentication

Information Disclosure

Code Injection

Weakness Enumeration

Related Identifiers: CVE-2023-6248

Affected Products: Syrus4 Iot Gateway