CVE-2024-31486

Name of the Vulnerable Software and Affected Versions: OPUPI0 AMQP/MQTT versions prior to V5.30

Description: A vulnerability has been identified that allows an attacker with remote shell access or physical access to retrieve credentials due to insufficient protection of stored MQTT client passwords, leading to confidentiality loss. The issue is related to the storage of confidential information without encryption.

Recommendations: For versions prior to V5.30, update to version V5.30 or later to resolve the issue. As a temporary workaround, consider restricting access to the device to minimize the risk of exploitation. Avoid using the device until the issue is resolved.