CVE-2025-0681
New Rock Technologies' cloud MQTT service allows wildcard topic subscriptions, potentially letting attackers access sensitive data. The company hasn't responded to CISA's mitigation requests. Affected users should contact support for more details. 2025-1-30 09:8:0 Author: claroty.com(查看原文) 阅读量:1 收藏
New Rock Technologies' cloud MQTT service allows wildcard topic subscriptions, potentially letting attackers access sensitive data. The company hasn't responded to CISA's mitigation requests. Affected users should contact support for more details. 2025-1-30 09:8:0 Author: claroty.com(查看原文) 阅读量:1 收藏
Medium Threat
CWE-155 Improper Neutralization of Wildcards or Matching Symbols:
The Cloud MQTT service of the affected products supports wildcard topic subscription which could allow an attacker to obtain sensitive information from tapping the service communications.
New Rock Technologies has not responded to requests to work with CISA to mitigate these vulnerabilities. Users of affected versions of New Rock Technologies Cloud Connected Devices are invited to contact New Rock Technologies customer support for additional information.
文章来源: https://claroty.com/team82/disclosure-dashboard/cve-2025-0681
如有侵权请联系:admin#unsafe.sh
如有侵权请联系:admin#unsafe.sh