From this webpage screenshot, the following key vulnerability information can be extracted: CVE ID - CVE-2023-3028 Description - Insufficient authentication in the MQTT backend (broker) allows attackers to access and manipulate telemetric data from entire fleets of vehicles using the HopeChart HQT-401 in-vehicle communication unit. Other models may also be affected. Multiple vulnerabilities were identified. - The MQTT backend does not require authentication, allowing attackers to connect without authorization. - Vehicles publish their telemetric data (e.g., GPS location, speed, mileage, fuel) as messages on public MQTT topics. - The backend also sends commands to vehicles by publishing messages on public MQTT topics. Thus, attackers can access confidential data from the entire fleet managed by the backend. - MQTT messages sent by vehicles or the backend are neither encrypted nor authenticated. Attackers can create and publish messages to impersonate vehicles or the backend. Attackers can also send false information to the backend regarding vehicle locations. - The backend can inject data into a vehicle’s CAN bus by sending specific MQTT messages to public topics. Since these messages are not authenticated or encrypted, attackers can impersonate the backend, create fake messages, and inject CAN data into any vehicle managed by the backend. - The confirmed version is 201808021036; however, further versions have also been confirmed as potentially affected. References - Yashin Mehaboobe - Ramiro Pareja Veredas Problem Type - CWE-287: Improper Authentication - CWE-319: Cleartext Transmission of Sensitive Information - CWE-345: Insufficient Data Validation CAPEC ID - CAPEC-194: Impersonating a Data Source - CAPEC-383: Information Collection via API Event Monitoring Affected Products - Hangzhou Hopechart IoT Technology Co., Ltd., HQT401 CVSS3.1 Score - 8.6 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H