CVE-2023-1083

EUVD-2023-23370
An unauthenticated remote attacker who is aware of a MQTT  topic name can send and receive messages, including GET/SET configuration commands, reboot commands and firmware updates.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
9.8 CRITICAL
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: Unknown
Early Detection
Affected products identified ahead of NVD analysis through intelligence sources.
VendorProductVersionSource
welotectk515l
𝑥
< 2.3.0.r5542
ADP
welotectk525l
𝑥
< 2.3.0.r5542
ADP
welotectk525u
𝑥
< 2.3.0.r5542
ADP
welotectk525w
𝑥
< 2.3.0.r5542
ADP
welotectk535l1
𝑥
< 2.3.0.r5542
ADP
Common Weakness Enumeration
References
https://cert.vde.com/en/advisories/VDE-2024-009
https://cert.vde.com/en/advisories/VDE-2024-009