PT-2024-1435 · Unknown · Feverwarn Esp32+3

Vera Mens · Published 2024-01-25 · Updated 2024-08-02 · CVE-2023-49115

CVSS v2.0: 7.8 (High)
Vector: AV:N/AC:L/Au:N/C:C/I:N/A:N
Name of the Vulnerable Software and Affected Versions

MachineSense devices (affected versions not specified)
FeverWarn ESP32 (affected versions not specified)
FeverWarn RaspberryPi (affected versions not specified)
FeverWarn DataHub RaspberryPi (affected versions not specified)
Description

The issue stems from the lack of an authentication procedure for a critical function when processing MQTT messages, which can allow a remote attacker to gain unauthorized access to protected information. MachineSense devices use unauthenticated MQTT messaging to monitor devices and allow remote viewing of sensor data by users.
Recommendations

For MachineSense devices, consider disabling the use of unauthenticated MQTT messaging until a proper authentication mechanism is implemented. For FeverWarn ESP32, FeverWarn RaspberryPi, and FeverWarn DataHub RaspberryPi, restrict access to the critical functions that process MQTT messages until an authentication procedure is put in place. As a temporary workaround, consider additional security measures that minimize the risk of exploitation, such as restricting remote access to sensor data. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
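As an added illustration of the recommendation above (this is not part of the advisory, and it is not MachineSense or FeverWarn configuration), the following Eclipse Mosquitto broker configuration shows the weak setting that admits unauthenticated MQTT clients beside the hardened settings that require credentials, a per-client topic ACL, and TLS. It assumes the deployment fronts its devices with a Mosquitto 2.x broker, which the advisory does not state; the file paths, port, usernames and topic names are placeholders.

```conf
# mosquitto.conf (added example; assumes Eclipse Mosquitto 2.x, paths are placeholders)

# Weak setting: any client that can reach the broker may subscribe to sensor
# topics without credentials. Shown commented out, beside the corrected value.
# allow_anonymous true
allow_anonymous false

# Serve only the TLS listener; leave no plaintext 1883 listener configured.
listener 8883

# Clients must present a username/password; entries are created with mosquitto_passwd.
password_file /etc/mosquitto/passwd

# Restrict each identity to the topics it needs (least privilege).
# Contents of /etc/mosquitto/acl for this example (placeholder identities):
#   user sensor-node-01
#   topic write sensors/node-01/#
#   user dashboard
#   topic read sensors/#
acl_file /etc/mosquitto/acl

# Encrypt the transport so credentials and sensor readings are not sent in clear.
cafile   /etc/mosquitto/certs/ca.crt
certfile /etc/mosquitto/certs/broker.crt
keyfile  /etc/mosquitto/certs/broker.key
```

Populate the password file with `mosquitto_passwd -c /etc/mosquitto/passwd sensor-node-01` (and `mosquitto_passwd /etc/mosquitto/passwd dashboard` for further identities), then point devices and viewers at port 8883 with their credentials and the CA certificate. Where the devices themselves cannot yet present credentials, the interim step that matches the advisory's workaround is to keep the broker's plaintext port unreachable from outside the sensor network at the firewall.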

Weakness Enumeration

Missing Authentication

Related Identifiers

BDU:2024-00910
CVE-2023-49115

Affected Products

Feverwarn Datahub Raspberrypi
Feverwarn Esp32
Feverwarn Raspberrypi
Machinesense