Security Announcement - GoodCloud MQTT communication mechanism vulnerability

  • SA No: GLSA-2023-0001
  • Initial Release Date: 2023-05-18
  • Last Release Date: 2023-05-18

Executive Summary

On March 8th, a device MQTT vulnerability was exploited. The attacker used this vulnerability to unbind numerous unauthorized devices. We addressed the issue and restored the affected data the next day. Currently, we have no evidence that user devices have been compromised due to this vulnerability.

Vulnerability ID: GLPSIRT-2023-00001

Vulnerability severity: High

Software Versions and Fixes

Affected Product Affected Version Resolved Versions
GoodCloud Version 1.3.7 Version 1.4.3

Vulnerability Impact

Successful exploitation could lead to numerous unauthorized devices unbinded.

Temporary Fix


Obtaining Fixed Software

The GoodCloud already upgraded to version 1.4.3 that supports fixing the vulnerability. Users are not required to take any action regarding this vulnerability.

Revision History

2023-05-18 V1.0 Initial Release;



GL Security Supports

To report a security vulnerability in GL’s products and solutions, please send it to GL’s technical support mail(