Analysis
Analysis and contextual insights are available on OpenCVE Cloud.
Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).
| Vendor | Product | Default status | Versions | ||||||
|---|---|---|---|---|---|---|---|---|---|
| Welotec | TK515L | unaffected |
|
||||||
| Welotec | TK515L Set | unaffected |
|
||||||
| Welotec | TK515L-W | unaffected |
|
||||||
| Welotec | TK515L-W Set | unaffected |
|
||||||
| Welotec | TK525L | unaffected |
|
||||||
| Welotec | TK525L Set | unaffected |
|
||||||
| Welotec | TK525L-W | unaffected |
|
||||||
| Welotec | TK525L-W Set | unaffected |
|
||||||
| Welotec | TK525U | unaffected |
|
||||||
| Welotec | TK525U Set | unaffected |
|
||||||
| Welotec | TK525W | unaffected |
|
||||||
| Welotec | TK525W Set | unaffected |
|
||||||
| Welotec | TK535L1 | unaffected |
|
||||||
| Welotec | TK535L1 Set | unaffected |
|
No data.
No data.
No data available yet.
No vendor fix or workaround currently provided.
Additional remediation guidance may be available on OpenCVE Cloud.
Tracking
Sign in to view the affected projects.
| Source | ID | Title |
|---|---|---|
 EUVD |
EUVD-2023-23370 | An unauthenticated remote attacker who is aware of a MQTT topic name can send and receive messages, including GET/SET configuration commands, reboot commands and firmware updates. |
| Link | Providers |
|---|---|
| https://cert.vde.com/en/advisories/VDE-2024-009 |
|
Wed, 02 Oct 2024 06:30:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| First Time appeared |
Welotec
Welotec tk515l Welotec tk525l Welotec tk525u Welotec tk525w Welotec tk535l1 |
|
| Weaknesses | CWE-284 | |
| CPEs | cpe:2.3:h:welotec:tk515l:*:*:*:*:*:*:*:* cpe:2.3:h:welotec:tk525l:*:*:*:*:*:*:*:* cpe:2.3:h:welotec:tk525u:*:*:*:*:*:*:*:* cpe:2.3:h:welotec:tk525w:*:*:*:*:*:*:*:* cpe:2.3:h:welotec:tk535l1:*:*:*:*:*:*:*:* |
|
| Vendors & Products |
Welotec
Welotec tk515l Welotec tk525l Welotec tk525u Welotec tk525w Welotec tk535l1 |
|
| Metrics |
ssvc
|
Wed, 02 Oct 2024 05:45:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Description | An unauthenticated remote attacker who is aware of a MQTT topic name can send and receive messages, including GET/SET configuration commands, reboot commands and firmware updates. | An unauthenticated remote attacker who is aware of a MQTT topic name can send and receive messages, including GET/SET configuration commands, reboot commands and firmware updates. |
| Weaknesses | CWE-306 |
MITRE
Status: PUBLISHED
Assigner: CERTVDE
Published:
Updated: 2024-10-02T05:26:02.183Z
Reserved: 2023-02-28T08:11:19.318Z
Link: CVE-2023-1083
Vulnrichment
Updated: 2024-08-02T05:32:46.397Z
NVD
Status : Deferred
Published: 2024-04-09T09:15:19.937
Modified: 2026-04-15T00:35:42.020
Link: CVE-2023-1083
Redhat
No data.
OpenCVE Enrichment
No data.