CVE-2023-33379

Published: Aug 4, 2023Modified: Jun 17, 2026

9.8

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Exploitability: 3.9 / Impact: 5.9

Source: NVD

Description

Connected IO v2.1.0 and prior has a misconfiguration in their MQTT broker used for management and device communication, which allows devices to connect to the broker and issue commands to other device, impersonating Connected IO management platform and sending commands to all of Connected IO's devices.

Affected (1)

Products: Connectedio: Er2000t Vz Cat1 Firmware

1 product

Er2000t Vz Cat1 Firmware

Configuration A

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Connectedio Er2000t Vz Cat1 Firmware	Up to 2.1.0

Running on/with	Platform Versions
Connectedio Er2000t Vz Cat1	All versions

References (4)

https://claroty.com/team82/disclosure-dashboard/cve-2023-33379

Source: cve@mitre.org

Third Party Advisory

https://www.connectedio.com/products/routers

Source: cve@mitre.org

Product

https://claroty.com/team82/disclosure-dashboard/cve-2023-33379

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

https://www.connectedio.com/products/routers

Source: af854a3a-2127-422b-91ae-364da2661108

Product

Timeline

No history available yet.