CVE-2023-41442

An issue in Kloudq Technologies Limited Tor Equip 1.0, Tor Loco Mini 1.0 through 3.1 allows a remote attacker to execute arbitrary code via a crafted request to the MQTT component.

CVSS v3.0 9.8 CRITICAL

9.8^/10

CVSS v3.0 : CRITICAL

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://writeups.ayyappan.me/v/tor-iot-mqtt/	Exploit Press/Media Coverage Third Party Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:kloudq:tor_loco_min:*:*:*:*:*:mqtt:*:*

Configuration 2 (hide)

cpe:2.3:a:kloudq:tor_equip_gateway:1.0:*:*:*:*:mqtt:*:*

Configuration 3 (hide)

cpe:2.3:a:kloudq:tor_shield:1.0:*:*:*:*:mqtt:*:*

Configuration 4 (hide)

cpe:2.3:a:kloudq:tor_lenz:0.0.1:*:*:*:*:mqtt:*:*

History

01 Dec 2023, 16:56

Type	Values Removed	Values Added
CPE		cpe:2.3:a:kloudq:tor_loco_min::::::mqtt::* cpe:2.3:a:kloudq:tor_lenz:0.0.1:::::mqtt:: cpe:2.3:a:kloudq:tor_shield:1.0:::::mqtt:: cpe:2.3:a:kloudq:tor_equip_gateway:1.0:::::mqtt::
CWE		CWE-287
First Time		Kloudq Kloudq tor Shield Kloudq tor Loco Min Kloudq tor Equip Gateway Kloudq tor Lenz
References	~~() https://writeups.ayyappan.me/v/tor-iot-mqtt/ -~~	() https://writeups.ayyappan.me/v/tor-iot-mqtt/ - Exploit, Press/Media Coverage, Third Party Advisory
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : unknown v3 : 9.8

15 Nov 2023, 22:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2023-11-15 22:15

Updated : 2023-12-01 16:56

NVD link : CVE-2023-41442

Mitre link : CVE-2023-41442

JSON object : View

Products Affected

kloudq

tor_loco_min
tor_shield
tor_lenz
tor_equip_gateway

CWE

CWE-287

Improper Authentication

9.8 /10