What is the severity of CVE-2023-22600?

CVE-2023-22600 has been categorized as a moderate severity vulnerability due to improper access control.

How do I fix CVE-2023-22600?

To fix CVE-2023-22600, update the InRouter 302 to version IR302 V3.5.56 or later, or InRouter 615 to version InRouter6XX-S-V2.3.0.r5542 or later.

What devices are affected by CVE-2023-22600?

CVE-2023-22600 affects InHand Networks InRouter 302 and InRouter 615 devices running firmware versions prior to the specified secure versions.

What type of vulnerability is CVE-2023-22600?

CVE-2023-22600 is classified under CWE-284, which involves improper access control allowing unauthorized access.

Can CVE-2023-22600 be exploited remotely?

Yes, CVE-2023-22600 can be exploited by unauthenticated devices on the same network as the affected device, allowing them to subscribe to MQTT topics.

Vulnerability/
CVE-2023-22600

critical

CWE

284

12/1/2023

16/1/2025

CVE-2023-22600

First published: Thu Jan 12 2023(Updated: )

InHand Networks InRouter 302, prior to version IR302 V3.5.56, and InRouter 615, prior to version InRouter6XX-S-V2.3.0.r5542, contain vulnerability CWE-284: Improper Access Control. They allow unauthenticated devices to subscribe to MQTT topics on the same network as the device manager. An unauthorized user who knows of an existing topic name could send and receive messages to and from that topic. This includes the ability to send GET/SET configuration commands, reboot commands, and push firmware updates.

Credit: ics-cert@hq.dhs.gov

Affected Software	Affected Version	How to fix
InHand Networks InRouter 302
InHand Networks InRouter 615
Inhand Networks InRouter302 Firmware	<3.5.56
Inhandnetworks Inrouter302 Firmware
Inhand Networks InRouter 615-S Firmware	<2.3.0.r5542
InHand Networks InRouter 615-S

Never miss a vulnerability like this again

Reference Links

Parent vulnerabilities

(Appears in the following advisories)

ICSA-23-012-03

Frequently Asked Questions

What is the severity of CVE-2023-22600?
CVE-2023-22600 has been categorized as a moderate severity vulnerability due to improper access control.
How do I fix CVE-2023-22600?
To fix CVE-2023-22600, update the InRouter 302 to version IR302 V3.5.56 or later, or InRouter 615 to version InRouter6XX-S-V2.3.0.r5542 or later.
What devices are affected by CVE-2023-22600?
CVE-2023-22600 affects InHand Networks InRouter 302 and InRouter 615 devices running firmware versions prior to the specified secure versions.
What type of vulnerability is CVE-2023-22600?
CVE-2023-22600 is classified under CWE-284, which involves improper access control allowing unauthorized access.
Can CVE-2023-22600 be exploited remotely?
Yes, CVE-2023-22600 can be exploited by unauthenticated devices on the same network as the affected device, allowing them to subscribe to MQTT topics.

agent/type
agent/weakness
agent/severity
agent/author
agent/description
agent/first-publish-date
agent/references
agent/event
agent/trending
collector/mitre-cve
source/MITRE
agent/last-modified-date
agent/source
collector/ics-cert-advisory
source/ICS
agent/software-canonical-lookup
agent/software-canonical-lookup-request
agent/tags
agent/softwarecombine
collector/nvd-index
vendor/inhand networks
canonical/inhand networks inrouter 302
canonical/inhand networks inrouter 615
vendor/inhandnetworks
canonical/inhand networks inrouter302 firmware
canonical/inhandnetworks inrouter302 firmware
canonical/inhand networks inrouter 615-s firmware
canonical/inhand networks inrouter 615-s

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co

By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.