Security Announcement - GoodCloud MQTT communication mechanism vulnerability

  • SA No: GLSA-2023-0001
  • Initial Release Date: 2023-05-18
  • Last Release Date: 2023-05-18

Executive Summary

On March 8th, a device MQTT vulnerability was exploited. The attacker used this vulnerability to unbind numerous unauthorized devices. We addressed the issue and restored the affected data the next day. Currently, we have no evidence that user devices have been compromised due to this vulnerability.

Vulnerability ID: GLPSIRT-2023-00001

Vulnerability severity: High

Software Versions and Fixes

| Affected Product | Affected Version | Resolved Versions |
|------------------|------------------|-------------------|
| GoodCloud        | Version 1.3.7    | Version 1.4.3     |

Vulnerability Impact

GLPSIRT-2023-0001:
Successful exploitation could lead to numerous unauthorized devices being unbound.

Temporary Fix

None

Obtaining Fixed Software

GoodCloud has already been upgraded to version 1.4.3, which fixes the vulnerability. Users are not required to take any action regarding this vulnerability.

Revision History

2023-05-18 V1.0 Initial Release

References

None

GL Security Support

To report a security vulnerability in GL’s products and solutions, please send it to GL’s technical support email (support@glinet.biz).
