An unauthenticated remote attacker who is aware of a MQTT topic name can send and receive messages, including GET/SET configuration commands, reboot commands and firmware updates.
History

Wed, 02 Oct 2024 06:30:00 +0000

Type Values Removed Values Added
First Time appeared Welotec
Welotec tk515l
Welotec tk525l
Welotec tk525u
Welotec tk525w
Welotec tk535l1
Weaknesses CWE-284
CPEs cpe:2.3:h:welotec:tk515l:*:*:*:*:*:*:*:*
cpe:2.3:h:welotec:tk525l:*:*:*:*:*:*:*:*
cpe:2.3:h:welotec:tk525u:*:*:*:*:*:*:*:*
cpe:2.3:h:welotec:tk525w:*:*:*:*:*:*:*:*
cpe:2.3:h:welotec:tk535l1:*:*:*:*:*:*:*:*
Vendors & Products Welotec
Welotec tk515l
Welotec tk525l
Welotec tk525u
Welotec tk525w
Welotec tk535l1
Metrics ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}


Wed, 02 Oct 2024 05:45:00 +0000

Type Values Removed Values Added
Description An unauthenticated remote attacker who is aware of a MQTT topic name can send and receive messages, including GET/SET configuration commands, reboot commands and firmware updates. An unauthenticated remote attacker who is aware of a MQTT topic name can send and receive messages, including GET/SET configuration commands, reboot commands and firmware updates.
Weaknesses CWE-306

cve-icon MITRE

Status: PUBLISHED

Assigner: CERTVDE

Published: 2024-04-09T08:25:46.915Z

Updated: 2024-10-02T05:26:02.183Z

Reserved: 2023-02-28T08:11:19.318Z

Link: CVE-2023-1083

cve-icon Vulnrichment

Updated: 2024-08-02T05:32:46.397Z

cve-icon NVD

Status : Awaiting Analysis

Published: 2024-04-09T09:15:19.937

Modified: 2024-11-21T07:38:25.657

Link: CVE-2023-1083

cve-icon Redhat

No data.