Description
An issue in Kloudq Technologies Limited Tor Equip 1.0, Tor Loco Mini 1.0 through 3.1 allows a remote attacker to execute arbitrary code via a crafted request to the MQTT component.
References (1)
Core 1
Core References
Exploit, Press/Media Coverage, Third Party Advisory
https://writeups.ayyappan.me/v/tor-iot-mqtt/
Scores
CVSS v3
9.8
EPSS
0.0130
EPSS Percentile
66.8%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-287
Status
published
Products (4)
kloudq/tor_equip_gateway
1.0
kloudq/tor_lenz
0.0.1
kloudq/tor_loco_min
1.0 - 3.1
kloudq/tor_shield
1.0
Published
Nov 15, 2023
Tracked Since
Feb 18, 2026