CVE-2023-33379
Description
Connected IO v2.1.0 and prior has a misconfiguration in its MQTT broker used for management and device communication, which allows devices to connect to the broker and issue commands to other devices, impersonating the Connected IO management platform and sending commands to all of Connected IO's devices.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
MQTT broker misconfiguration in Connected IO v2.1.0 and prior allows devices to impersonate the management platform and issue commands to all devices.
Vulnerability
Connected IO v2.1.0 and prior contains a misconfiguration in the MQTT broker used for management and device communication. This allows unauthorized devices to connect to the broker and impersonate the Connected IO management platform. The vulnerability affects all versions up to and including v2.1.0 [1].
Exploitation
An attacker with network access to the MQTT broker can connect as a legitimate device. Then, by impersonating the management platform, they can issue arbitrary commands to any device connected to the broker. No authentication bypass or additional privileges are required beyond network connectivity [1].
Impact
Successful exploitation enables an attacker to send commands to all of Connected IO's devices, effectively gaining full control over affected devices. This can lead to unauthorized actions, data manipulation, or disruption of services [1].
Mitigation
As of the publication date, no official fix or mitigation has been disclosed in the available references. Users should monitor vendor updates and consider network-level controls to restrict MQTT broker access [1].
AI Insight generated on May 26, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
- Connected IO/Connected IO
- Range: <=2.1.0
Patches
No patches discovered yet.
References