InRouter Devices from InHand Networks Vulnerable to Unauthorized Access via MQTT

CVECVE-2023-22600
CVSScvssV3_1: 10
SourceCVE-2023-22600

InRouter network devices from InHand Networks are affected by a vulnerability that allows unauthorized access via MQTT.

MQTT (Message Queuing Telemetry Transport) is a common protocol used for IoT connectivity that allows devices to publish messages to topics and subscribe to receive messages from topics. The affected InRouter devices did not implement proper access controls for MQTT topics, allowing any device on the local network to subscribe to existing topics without authentication.

An attacker who knows the name of a topic the device is using could subscribe to it, and then send and receive messages, commands and firmware updates. This could allow the attacker to fully control the device’s configuration settings, reboot it remotely, or push a compromised firmware update.

If you have an InRouter device in use, you should check its firmware version and update to the latest release listed in the advisory if needed. You should also consider changing any default MQTT topic names and securing your local network to prevent unauthorized access. Following basic security practices like changing default passwords, keeping devices up to date, and properly segmenting networks can help prevent exploitation of vulnerabilities like this.

References