CVE-2023-1083

Summary

An unauthenticated remote attacker who is aware of a MQTT topic name can send and receive messages, including GET/SET configuration commands, reboot commands and firmware updates.

Affected Software

VendorProductVersion RangeStatus
WelotecTK515L0 < v2.3.0.r5542affected
WelotecTK515L Set0 < v2.3.0.r5542affected
WelotecTK515L-W0 < v2.3.0.r5542affected
WelotecTK515L-W Set0 < v2.3.0.r5542affected
WelotecTK525L0 < v2.3.0.r5542affected
WelotecTK525L Set0 < v2.3.0.r5542affected
WelotecTK525L-W0 < v2.3.0.r5542affected
WelotecTK525L-W Set0 < v2.3.0.r5542affected
WelotecTK525U0 < v2.3.0.r5542affected
WelotecTK525U Set0 < v2.3.0.r5542affected
WelotecTK525W0 < v2.3.0.r5542affected
WelotecTK525W Set0 < v2.3.0.r5542affected
WelotecTK535L10 < v2.3.0.r5542affected
WelotecTK535L1 Set0 < v2.3.0.r5542affected

Weaknesses

  • CWE-306: CWE-306 Missing Authentication for Critical Function

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: yes
    • Technical Impact: total

CVE Program Container

Additional References

References