INPRAX "iZZi connect" application on Android contains hard-coded MQTT queue credentials. The same MQTT queue is used by corresponding physical recuperation devices. Exploiting this vulnerability could potentially allow unauthorized access to manage and read parameters of the recuperation unit "reQnet iZZi".This issue affects "iZZi connect" application versions before 2024010401.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: CERT-PL
Published: 2024-02-15T09:11:14.559Z
Updated: 2024-08-01T18:04:49.430Z
Reserved: 2024-01-10T08:24:47.234Z
Link: CVE-2024-0390
Vulnrichment
Updated: 2024-08-01T18:04:49.430Z
NVD
Status : Awaiting Analysis
Published: 2024-02-15T10:15:09.043
Modified: 2024-02-15T14:28:31.380
Link: CVE-2024-0390
Redhat
No data.