New Rock Technologies Cloud Connected Devices Wildcard Topic Subscription Vulnerability

Vulnerability

A vulnerability exists in the Cloud MQTT service of New Rock Technologies Cloud Connected Devices, including the OM500 IP-PBX, MX8G VoIP Gateway, and NRP1302/P Desktop IP Phone, all versions. The vulnerability arises from improper neutralization of wildcards in topic subscriptions, allowing attackers to intercept and access sensitive information from the service's communications.

Impact

Exploitation of this vulnerability could lead to unauthorized access to sensitive information by intercepting communications within the Cloud MQTT service.

Added: Jun 9, 2025, 7:46 PM

Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

2.5

exploitability

4.9

remediation

0.0

relevance

0.0

threat

0.0

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

2.5

exploitability

4.9

remediation

0.0

relevance

0.0

threat

0.0

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

New Rock Technologies Cloud Connected Devices Wildcard Topic Subscription Vulnerability

Vulnerability

Impact

Affected Products

New Rock Technologies OM500 IP-PBX

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating