Critical Vulnerability Affecting InHand Networks InRouters
17 January 2023
Security researchers have discovered an improper access control vulnerability (CVE-2023-22600) affecting InHand Networks InRouters. The vulnerability has a Common Vulnerability Scoring System (CVSS) score of 10 out of 10.
Successful exploitation of the vulnerability could allow unauthenticated devices to subscribe to message queuing telemetry transport (MQTT) topics on the same network as the device manager. An attacker with prior knowledge of the topics could send and receive messages to and from an existing topic and perform command or code execution and information disclosure.
The following versions of InRouters are affected:
InRouter 302: All versions prior to IR302 V3.5.56
InRouter 615: All versions prior to InRouter6XX-S-V2.3.0.r5542
Administrators and users are advised to upgrade affected devices to the following firmware versions immediately:
InRouter302 firmware to IR302 V3.5.56 or later
InRouter615 firmware to InRouter6XX-S-V2.3.0.r5542 or later
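A fleet check against the fixed versions listed above, as an added example that is not part of the original advisory or any InHand tooling. It assumes a hypothetical asset export of (hostname, model label, firmware string) rows; the model labels `IR302` and `IR615` and the sample rows are constructed for illustration.

```python
import re

# Fixed firmware versions, copied from the advisory text.
# The dictionary keys are assumed inventory labels, not vendor identifiers.
FIXED = {
    "IR302": "IR302 V3.5.56",
    "IR615": "InRouter6XX-S-V2.3.0.r5542",
}

# Matches "V3.5.56" and "V2.3.0.r5542" (the build suffix is optional).
_VERSION_RE = re.compile(r"V(\d+)\.(\d+)\.(\d+)(?:\.r(\d+))?", re.IGNORECASE)


def parse_version(firmware):
    """Return (major, minor, patch, build), or None if no version is present."""
    m = _VERSION_RE.search(firmware or "")
    if not m:
        return None
    # A missing build number counts as 0, so it sorts below any fixed build.
    return tuple(int(g) if g is not None else 0 for g in m.groups())


def audit(inventory):
    """Classify each device as 'patched', 'vulnerable' or 'unknown'."""
    results = {}
    for host, model, firmware in inventory:
        fixed = FIXED.get(model)
        current = parse_version(firmware)
        if fixed is None or current is None:
            # Unrecognised model or unparsable string: review by hand.
            results[host] = "unknown"
        elif current < parse_version(fixed):
            results[host] = "vulnerable"
        else:
            results[host] = "patched"
    return results


# Constructed sample inventory (hostnames and older versions are made up).
SAMPLE_INVENTORY = [
    ("rtr-plant-01", "IR302", "IR302 V3.5.45"),
    ("rtr-plant-02", "IR302", "IR302 V3.5.56"),
    ("rtr-field-07", "IR615", "InRouter6XX-S-V2.3.0.r5484"),
    ("rtr-field-08", "IR615", "InRouter6XX-S-V2.3.0.r5542"),
    ("rtr-lab-03", "IR615", "custom-build"),
]

if __name__ == "__main__":
    for host, status in audit(SAMPLE_INVENTORY).items():
        print(f"{host}: {status}")
```

Devices reported as `unknown` should be checked manually rather than assumed patched.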
More information is available here: