An unauthenticated remote attacker who is aware of a MQTT topic name can send and receive messages, including GET/SET configuration commands, reboot commands and firmware updates.
Metrics
Affected Vendors & Products
References
Link | Providers |
---|---|
https://cert.vde.com/en/advisories/VDE-2024-009 |
History
Wed, 02 Oct 2024 06:30:00 +0000
Type | Values Removed | Values Added |
---|---|---|
First Time appeared |
Welotec
Welotec tk515l Welotec tk525l Welotec tk525u Welotec tk525w Welotec tk535l1 |
|
Weaknesses | CWE-284 | |
CPEs | cpe:2.3:h:welotec:tk515l:*:*:*:*:*:*:*:* cpe:2.3:h:welotec:tk525l:*:*:*:*:*:*:*:* cpe:2.3:h:welotec:tk525u:*:*:*:*:*:*:*:* cpe:2.3:h:welotec:tk525w:*:*:*:*:*:*:*:* cpe:2.3:h:welotec:tk535l1:*:*:*:*:*:*:*:* |
|
Vendors & Products |
Welotec
Welotec tk515l Welotec tk525l Welotec tk525u Welotec tk525w Welotec tk535l1 |
|
Metrics |
ssvc
|
Wed, 02 Oct 2024 05:45:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Description | An unauthenticated remote attacker who is aware of a MQTT topic name can send and receive messages, including GET/SET configuration commands, reboot commands and firmware updates. | An unauthenticated remote attacker who is aware of a MQTT topic name can send and receive messages, including GET/SET configuration commands, reboot commands and firmware updates. |
Weaknesses | CWE-306 |
MITRE
Status: PUBLISHED
Assigner: CERTVDE
Published: 2024-04-09T08:25:46.915Z
Updated: 2024-10-02T05:26:02.183Z
Reserved: 2023-02-28T08:11:19.318Z
Link: CVE-2023-1083
Vulnrichment
Updated: 2024-08-02T05:32:46.397Z
NVD
Status : Awaiting Analysis
Published: 2024-04-09T09:15:19.937
Modified: 2024-11-21T07:38:25.657
Link: CVE-2023-1083
Redhat
No data.