cbcvebase.
CVE-2023-1083
published 2024-04-09

CVE-2023-1083: An unauthenticated remote attacker who is aware of a MQTT topic name can send and receive messages, including GET/SET configuration commands, reboot commands…

PriorityP266critical9.8CVSS 3.1
AVNACLPRNUINSUCHIHAH
EPSS
0.68%
47.7th percentile
An unauthenticated remote attacker who is aware of a MQTT topic name can send and receive messages, including GET/SET configuration commands, reboot commands and firmware updates.

Affected

14 ranges
VendorProductVersion rangeFixed in
welotectk515l< v2.3.0.r5542v2.3.0.r5542
welotectk515l-w< v2.3.0.r5542v2.3.0.r5542
welotectk515l-w_set< v2.3.0.r5542v2.3.0.r5542
welotectk515l_set< v2.3.0.r5542v2.3.0.r5542
welotectk525l< v2.3.0.r5542v2.3.0.r5542
welotectk525l-w< v2.3.0.r5542v2.3.0.r5542
welotectk525l-w_set< v2.3.0.r5542v2.3.0.r5542
welotectk525l_set< v2.3.0.r5542v2.3.0.r5542
welotectk525u< v2.3.0.r5542v2.3.0.r5542
welotectk525u_set< v2.3.0.r5542v2.3.0.r5542
welotectk525w< v2.3.0.r5542v2.3.0.r5542
welotectk525w_set< v2.3.0.r5542v2.3.0.r5542
welotectk535l1< v2.3.0.r5542v2.3.0.r5542
welotectk535l1_set< v2.3.0.r5542v2.3.0.r5542
Stop checking back — get the weekly exploitation signal.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.