Improper access control in the IoT Device Management Portal allows unauthorized users to access sensitive device configurations and administrative features without proper authentication.
The portal lacked sufficient authorization checks for certain critical API endpoints. As a result, attackers could bypass authentication and directly interact with privileged functionality, potentially leading to device manipulation, data exposure, or denial of service.
CVE-2023-0333
CERT-In
IoT Device Management Web Interface
Shakir Zari