Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
InHand Networks InRouter 302, prior to version IR302 V3.5.56, and InRouter 615, prior to version InRouter6XX-S-V2.3.0.r5542, contain vulnerability CWE-284: Improper Access Control. They allow unauthenticated devices to subscribe to MQTT topics on the same network as the device manager. An unauthorized user who knows of an existing topic name could send and receive messages to and from that topic. This includes the ability to send GET/SET configuration commands, reboot commands, and push firmware updates.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:H/A:H
Vulnerability Type
访问控制不恰当
Vulnerability Title
InHand Networks InRouter302 安全漏洞
Vulnerability Description
InHand Networks InRouter302是美国InHand Networks公司的一个 LTE 蜂窝路由器。 InHand Networks InRouter302 V3.5.56之前版本、InRouter615 V2.3.0.r5542之前版本存在安全漏洞,该漏洞源于访问控制不当。
CVSS Information
N/A
Vulnerability Type
N/A