- SA No: GLSA-2023-0001
- Initial Release Date: 2023-05-18
- Last Release Date: 2023-05-18
On March 8th, a device MQTT vulnerability was exploited. The attacker used this vulnerability to unbind numerous unauthorized devices. We addressed the issue and restored the affected data the next day. Currently, we have no evidence that user devices have been compromised due to this vulnerability.
Vulnerability ID: GLPSIRT-2023-00001
Vulnerability severity: High
Software Versions and Fixes
|Affected Product||Affected Version||Resolved Versions|
|GoodCloud||Version 1.3.7||Version 1.4.3|
Successful exploitation could lead to numerous unauthorized devices unbinded.
Obtaining Fixed Software
The GoodCloud already upgraded to version 1.4.3 that supports fixing the vulnerability. Users are not required to take any action regarding this vulnerability.
2023-05-18 V1.0 Initial Release;
GL Security Supports
To report a security vulnerability in GL’s products and solutions, please send it to GL’s technical support mail(firstname.lastname@example.org).