CVE-2023-22599 - OpenCVE

InHand Networks InRouter 302, prior to version IR302 V3.5.56, and InRouter 615, prior to version InRouter6XX-S-V2.3.0.r5542, contain vulnerability CWE-760: Use of a One-way Hash with a Predictable Salt. They send MQTT credentials in response to HTTP/HTTPS requests from the cloud platform. These credentials are encoded using a hardcoded string into an MD5 hash. This string could be easily calculated by an unauthorized user who spoofed sending an HTTP/HTTPS request to the devices. This could result in the affected devices being temporarily disconnected from the cloud platform and allow the user to receive MQTT commands with potentially sensitive information.

No CVSS v4.0

Attack Vector Network

Attack Complexity High

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact Low

Availability Impact Low

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Inhandnetworks	Inrouter302 Inrouter302 Firmware Inrouter615-s Inrouter615-s Firmware

Configuration 1 [-]

AND

cpe:2.3:h:inhandnetworks:inrouter302:-:*:*:*:*:*:*:*

cpe:2.3:o:inhandnetworks:inrouter302_firmware:*:*:*:*:*:*:*:*

Configuration 2 [-]

AND

cpe:2.3:h:inhandnetworks:inrouter615-s:-:*:*:*:*:*:*:*

cpe:2.3:o:inhandnetworks:inrouter615-s_firmware:*:*:*:*:*:*:*:*

No data.

References

Link	Providers
https://www.cisa.gov/uscert/ics/advisories/icsa-23-012-03

History

No history.

MITRE

Status: PUBLISHED

Assigner: icscert

Published: 2023-01-12T22:31:55.394Z

Updated: 2024-08-02T10:13:49.410Z

Reserved: 2023-01-03T19:55:20.124Z

Link: CVE-2023-22599

Vulnrichment

No data.

NVD

Status : Modified

Published: 2023-01-12T23:15:10.360

Modified: 2023-11-07T04:07:05.400

Link: CVE-2023-22599

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2023-22599", "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "state": "PUBLISHED", "assignerShortName": "icscert", "dateReserved": "2023-01-03T19:55:20.124Z", "datePublished": "2023-01-12T22:31:55.394Z", "dateUpdated": "2024-08-02T10:13:49.410Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "InRouter 302", "vendor": "InHand Networks", "versions": [{"lessThan": "IR302 V3.5.56", "status": "affected", "version": "0", "versionType": "custom"}]}, {"defaultStatus": "unaffected", "product": "InRouter 615", "vendor": "InHand Networks", "versions": [{"lessThan": "InRouter6XX-S-V2.3.0.r5542", "status": "affected", "version": "0", "versionType": "custom"}]}], "credits": [{"lang": "en", "type": "finder", "user": "00000000-0000-4000-9000-000000000000", "value": "Roni Gavrilov"}, {"lang": "en", "type": "reporter", "user": "00000000-0000-4000-9000-000000000000", "value": "OTORIO"}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "\n\n<span style=\"background-color: rgb(255, 255, 255);\">InHand Networks InRouter 302, prior to version IR302 V3.5.56, and InRouter 615, prior to version InRouter6XX-S-V2.3.0.r5542, contain vulnerability CWE-760: Use of a One-way Hash with a Predictable Salt. They \n\n<span style=\"background-color: rgb(255, 255, 255);\"><span style=\"background-color: rgb(255, 255, 255);\">send MQTT credentials in response to HTTP/HTTPS requests from the cloud platform. These credentials are encoded using a hardcoded string into an MD5 hash. This string could be easily calculated by an unauthorized user who spoofed sending an HTTP/HTTPS request to the devices. This could result in the affected devices being temporarily disconnected from the cloud platform and allow the user to receive MQTT commands with potentially sensitive information. </span>\n\n </span>\n\n \n\n </span>\n\n"}], "value": "\nInHand Networks InRouter 302, prior to version IR302 V3.5.56, and InRouter 615, prior to version InRouter6XX-S-V2.3.0.r5542, contain vulnerability CWE-760: Use of a One-way Hash with a Predictable Salt. They\u00a0\n\nsend MQTT credentials in response to HTTP/HTTPS requests from the cloud platform. These credentials are encoded using a hardcoded string into an MD5 hash. This string could be easily calculated by an unauthorized user who spoofed sending an HTTP/HTTPS request to the devices. This could result in the affected devices being temporarily disconnected from the cloud platform and allow the user to receive MQTT commands with potentially sensitive information. \n\n \n\n \n\n \n\n"}], "metrics": [{"cvssV3_1": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 7, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:L", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-760", "description": "CWE-760 Use of a One-way Hash with a Predictable Salt", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "shortName": "icscert", "dateUpdated": "2023-01-12T22:31:55.394Z"}, "references": [{"tags": ["government-resource"], "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-23-012-03"}], "source": {"discovery": "UNKNOWN"}, "x_generator": {"engine": "Vulnogram 0.1.0-dev"}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T10:13:49.410Z"}, "title": "CVE Program Container", "references": [{"tags": ["government-resource", "x_transferred"], "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-23-012-03"}]}]}}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:h:inhandnetworks:inrouter302:-:*:*:*:*:*:*:*", "matchCriteriaId": "B361EE15-6BF4-4D50-AD36-5AC31A101F2E", "vulnerable": false}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:o:inhandnetworks:inrouter302_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "61C63AA2-2DB5-4E01-9C62-7F78EC298C3F", "versionEndExcluding": "3.5.56", "vulnerable": true}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:h:inhandnetworks:inrouter615-s:-:*:*:*:*:*:*:*", "matchCriteriaId": "88C88156-94C3-4EFE-9AAB-A9E2BA114ABC", "vulnerable": false}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:o:inhandnetworks:inrouter615-s_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "2CC78CBF-AC9D-4581-95DE-CE869505C479", "versionEndExcluding": "2.3.0.r5542", "vulnerable": true}], "negate": false, "operator": "OR"}], "operator": "AND"}], "cveTags": [], "descriptions": [{"lang": "en", "value": "\nInHand Networks InRouter 302, prior to version IR302 V3.5.56, and InRouter 615, prior to version InRouter6XX-S-V2.3.0.r5542, contain vulnerability CWE-760: Use of a One-way Hash with a Predictable Salt. They\u00a0\n\nsend MQTT credentials in response to HTTP/HTTPS requests from the cloud platform. These credentials are encoded using a hardcoded string into an MD5 hash. This string could be easily calculated by an unauthorized user who spoofed sending an HTTP/HTTPS request to the devices. This could result in the affected devices being temporarily disconnected from the cloud platform and allow the user to receive MQTT commands with potentially sensitive information. \n\n \n\n \n\n \n\n"}, {"lang": "es", "value": "InHand Networks InRouter 302, anterior a la versi\u00f3n IR302 V3.5.56, e InRouter 615, anterior a la versi\u00f3n InRouter6XX-S-V2.3.0.r5542, contienen la vulnerabilidad CWE-760: uso de un hash unidireccional con una sal predecible. Env\u00edan credenciales MQTT en respuesta a solicitudes HTTP/HTTPS desde la plataforma en la nube. Estas credenciales se codifican mediante una cadena codificada en un hash MD5. Esta cadena podr\u00eda ser calculada f\u00e1cilmente por un usuario no autorizado que falsific\u00f3 el env\u00edo de una solicitud HTTP/HTTPS a los dispositivos. Esto podr\u00eda provocar que los dispositivos afectados se desconecten temporalmente de la plataforma en la nube y permitir que el usuario reciba comandos MQTT con informaci\u00f3n potencialmente confidencial."}], "id": "CVE-2023-22599", "lastModified": "2023-11-07T04:07:05.400", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.1, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.2, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 7.0, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:L", "version": "3.1"}, "exploitabilityScore": 2.2, "impactScore": 4.7, "source": "ics-cert@hq.dhs.gov", "type": "Secondary"}]}, "published": "2023-01-12T23:15:10.360", "references": [{"source": "ics-cert@hq.dhs.gov", "tags": ["Third Party Advisory", "US Government Resource"], "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-23-012-03"}], "sourceIdentifier": "ics-cert@hq.dhs.gov", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-760"}], "source": "ics-cert@hq.dhs.gov", "type": "Primary"}]}