Unrated severityNVD Advisory· Published May 24, 2023· Updated Jan 31, 2025

CVE-2023-31459

Description

A vulnerability in the Connect Mobility Router component of Mitel MiVoice Connect versions 9.6.2208.101 and earlier could allow an unauthenticated attacker with internal network access to authenticate with administrative privileges, because the initial installation does not enforce a password change. A successful exploit could allow an attacker to make arbitrary configuration changes and execute arbitrary commands.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Mitel MiVoice Connect Mobility Router default password vulnerability allows unauthenticated internal attackers to gain admin privileges.

Vulnerability

The Connect Mobility Router component of Mitel MiVoice Connect versions 9.6.2208.101 and earlier contains a default password vulnerability [2]. During initial installation, the system does not enforce a password change for the administrative account, leaving the default credentials active.

Exploitation

An unauthenticated attacker with internal network access to the Mobility Router can exploit this by connecting to the management interface and authenticating with the known default credentials [2]. No additional privileges or user interaction are required.

Impact

Successful exploitation grants the attacker administrative privileges on the router, enabling arbitrary configuration changes and execution of arbitrary commands, leading to full compromise of the affected device [2].

Mitigation

Mitel recommends that customers update to the latest software release and ensure that complex passwords are configured for all Connect Mobility Router accounts [2]. The official advisory (23-0006) was published on 2023-05-17. No workaround is available beyond applying the update and setting strong passwords.

References

Mitel Product Security Advisory 23-0006

AI Insight generated on May 25, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

Mitel/MiVoice Connectdescription
Mitel/Connect Mobility Routerllm-create
Range: <=9.6.2208.101
Mitel/MiVoice Connectllm-fuzzy
Range: <=9.6.2208.101

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000