{"api_version":"1","generated_at":"2026-05-13T13:01:16+00:00","cve":"CVE-2023-3548","urls":{"html":"https://cve.report/CVE-2023-3548","api":"https://cve.report/api/cve/CVE-2023-3548.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2023-3548","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2023-3548"},"summary":{"title":"CVE-2023-3548","description":"An unauthorized user could gain account access to IQ Wifi 6 versions prior to 2.0.2 by conducting a brute force authentication attack.","state":"PUBLIC","assigner":"productsecurity@jci.com","published_at":"2023-07-25 14:15:00","updated_at":"2023-08-03 13:44:00"},"problem_types":["CWE-307"],"metrics":[],"references":[{"url":"https://www.johnsoncontrols.com/cyber-solutions/security-advisories","name":"https://www.johnsoncontrols.com/cyber-solutions/security-advisories","refsource":"MISC","tags":[],"title":"Product Security Advisories","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://www.cisa.gov/news-events/ics-advisories/icsa-23-206-04","name":"https://www.cisa.gov/news-events/ics-advisories/icsa-23-206-04","refsource":"MISC","tags":[],"title":"Access denied | CISA","mime":"text/html","httpstatus":"403","archivestatus":"404"},{"url":"https://www.cve.org/CVERecord?id=CVE-2023-3548","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-3548","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2023","cve_id":"3548","vulnerable":"-1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"h","cpe4":"johnsoncontrols","cpe5":"iq_wifi_6","cpe6":"-","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2023","cve_id":"3548","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"johnsoncontrols","cpe5":"iq_wifi_6_firmware","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[]},"source_records":{"cve_program":{"data_version":"4.0","data_type":"CVE","data_format":"MITRE","CVE_data_meta":{"ID":"CVE-2023-3548","ASSIGNER":"productsecurity@jci.com","STATE":"PUBLIC"},"description":{"description_data":[{"lang":"eng","value":"An unauthorized user could gain account access to IQ Wifi 6 versions prior to 2.0.2 by conducting a brute force authentication attack.\n"}]},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"CWE-307 Improper Restriction of Excessive Authentication Attempts","cweId":"CWE-307"}]}]},"affects":{"vendor":{"vendor_data":[{"vendor_name":"Johnson Controls","product":{"product_data":[{"product_name":"IQ Wifi 6","version":{"version_data":[{"version_affected":"<","version_name":"0","version_value":"2.0.2"}]}}]}}]}},"references":{"reference_data":[{"url":"https://www.johnsoncontrols.com/cyber-solutions/security-advisories","refsource":"MISC","name":"https://www.johnsoncontrols.com/cyber-solutions/security-advisories"},{"url":"https://www.cisa.gov/news-events/ics-advisories/icsa-23-206-04","refsource":"MISC","name":"https://www.cisa.gov/news-events/ics-advisories/icsa-23-206-04"}]},"generator":{"engine":"Vulnogram 0.1.0-dev"},"source":{"discovery":"UNKNOWN"},"solution":[{"lang":"en","supportingMedia":[{"base64":false,"type":"text/html","value":"Upgrade&nbsp;IQ Wifi 6 firmware to version 2.0.2.<br>The firmware update will be pushed to all available devices in the field.<br>The firmware update can also be manually loaded by applying the patch tag “iqwifi2.0.2” on the device after navigating to its firmware update page.<br><br>"}],"value":"Upgrade IQ Wifi 6 firmware to version 2.0.2.\nThe firmware update will be pushed to all available devices in the field.\nThe firmware update can also be manually loaded by applying the patch tag “iqwifi2.0.2” on the device after navigating to its firmware update page.\n\n"}],"impact":{"cvss":[{"attackComplexity":"LOW","attackVector":"NETWORK","availabilityImpact":"LOW","baseScore":8.3,"baseSeverity":"HIGH","confidentialityImpact":"LOW","integrityImpact":"LOW","privilegesRequired":"NONE","scope":"CHANGED","userInteraction":"NONE","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L","version":"3.1"}]}},"nvd":{"publishedDate":"2023-07-25 14:15:00","lastModifiedDate":"2023-08-03 13:44:00","problem_types":["CWE-307"],"metrics":{"baseMetricV3":{"cvssV3":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH","baseScore":9.8,"baseSeverity":"CRITICAL"},"exploitabilityScore":3.9,"impactScore":5.9}},"configurations":{"CVE_data_version":"4.0","nodes":[{"operator":"AND","children":[{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:johnsoncontrols:iq_wifi_6_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"2.0.2","cpe_name":[]}]},{"operator":"OR","children":[],"cpe_match":[{"vulnerable":false,"cpe23Uri":"cpe:2.3:h:johnsoncontrols:iq_wifi_6:-:*:*:*:*:*:*:*","cpe_name":[]}]}],"cpe_match":[]}]}},"legacy_mitre":{"record":null,"notes":[]}}}