CVE-2023-3028

Published: 01 Jun 2023
Source: nvd
CVSS3: 8.6
CVSS3: 9.8
EPSS: Low

Description

Insufficient authentication in the MQTT backend (broker) allows an attacker to access and even manipulate the telemetry data of the entire fleet of vehicles using the HopeChart HQT-401 telematics unit. Other models are possibly affected too.

Multiple vulnerabilities were identified:

  • The MQTT backend does not require authentication, allowing unauthorized connections from an attacker.

  • The vehicles publish their telemetry data (e.g. GPS Location, speed, odometer, fuel, etc) as messages in public topics. The backend also sends commands to the vehicles as MQTT posts in public topics. As a result, an attacker can access the confidential data of the entire fleet that is managed by the backend.

  • The MQTT messages sent by the vehicles or the backend are not encrypted or authenticated. An attacker can create and post messages to impersonate a vehicle or the backend. The attacker could then, for example, send incorrect information to the backend about the vehicle's location.

Vulnerable configurations

Configuration 1

Simultaneously

cpe:2.3:o:hopechart:hqt401_firmware:201808021036:*:*:*:*:*:*:*
cpe:2.3:h:hopechart:hqt401:-:*:*:*:*:*:*:*

EPSS

Percentile: 7%
0.00028
Low

CVSS3: 8.6 High
CVSS3: 9.8 Critical

Weaknesses

CWE-287

Related vulnerabilities

CVSS3: 8.6
github
more than 2 years ago

Insufficient authentication in the MQTT backend (broker) allows an attacker to access and even manipulate the telemetry data of the entire fleet of vehicles using the HopeChart HQT-401 telematics unit. Other models are possibly affected too. Multiple vulnerabilities were identified: - The MQTT backend does not require authentication, allowing unauthorized connections from an attacker. - The vehicles publish their telemetry data (e.g. GPS Location, speed, odometer, fuel, etc) as messages in public topics. The backend also sends commands to the vehicles as MQTT posts in public topics. As a result, an attacker can access the confidential data of the entire fleet that is managed by the backend. - The MQTT messages sent by the vehicles or the backend are not encrypted or authenticated. An attacker can create and post messages to impersonate a vehicle or the backend. The attacker could then, for example, send incorrect information to the backend about the vehicle's locati...
