Overview
- Description
- Connected IO v2.1.0 and prior has a misconfiguration in their MQTT broker used for management and device communication, which allows devices to connect to the broker and issue commands to other device, impersonating Connected IO management platform and sending commands to all of Connected IO's devices.
- Source
- cve@mitre.org
- NVD status
- Analyzed
Risk scores
CVSS 3.1
- Type
- Primary
- Base score
- 9.8
- Impact score
- 5.9
- Exploitability score
- 3.9
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
- Severity
- CRITICAL
Weaknesses
- nvd@nist.gov
- NVD-CWE-noinfo
Social media
- Hype score
- Not currently trending
Configurations
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:o:connectedio:er2000t-vz-cat1_firmware:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "99B02B1A-93F9-4617-B115-EE39272CFA13",
"versionEndIncluding": "2.1.0"
}
],
"operator": "OR"
},
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:h:connectedio:er2000t-vz-cat1:-:*:*:*:*:*:*:*",
"vulnerable": false,
"matchCriteriaId": "B92433F3-2DF8-4398-BFFE-5BF2B0CE3B9D"
}
],
"operator": "OR"
}
],
"operator": "AND"
}
]