CVE-2023-5570 in Home Manager Gatewayinfo

Summary

by MITRE • 10/27/2023

Improper Protection for Outbound Error Messages and Alert Signals vulnerability in Inohom Home Manager Gateway allows Account Footprinting.

This issue affects Home Manager Gateway: before v.1.27.12.

Be aware that VulDB is the high quality source for vulnerability data.

Analysis

by VulDB Data Team • 05/21/2026

The vulnerability identified as CVE-2023-5570 represents a critical weakness in the Inohom Home Manager Gateway firmware that exposes sensitive system information through improperly protected outbound error messages and alert signals. This flaw falls under the broader category of information disclosure vulnerabilities and specifically aligns with CWE-200, which addresses the improper exposure of information to unauthorized actors. The vulnerability exists in versions prior to 1.27.12 of the Home Manager Gateway, indicating that this represents a known issue that was addressed in a subsequent firmware update. The improper protection mechanism allows attackers to gather system metadata, configuration details, and potentially user account information through the error reporting mechanisms that are typically designed to provide diagnostic information to system administrators but instead leak sensitive data to external parties.

The technical implementation of this vulnerability stems from inadequate sanitization and access control measures applied to the gateway's error handling and alert transmission systems. When the gateway encounters operational issues or security events, it generates error messages and alert signals that are intended for internal monitoring purposes but are being transmitted without proper authorization checks. This misconfiguration enables malicious actors to intercept and analyze these outbound communications, potentially extracting account identifiers, device serial numbers, network configurations, and other sensitive operational data. The flaw essentially transforms the gateway's diagnostic functionality into an information leakage channel that can be exploited by unauthorized parties.

The operational impact of this vulnerability extends beyond simple information disclosure, as the leaked account information can enable more sophisticated attacks including account footprinting, which allows adversaries to identify valid user accounts and system configurations. This information can be leveraged to conduct targeted attacks, perform credential stuffing operations, or map the broader network topology. According to ATT&CK framework category T1212, this vulnerability enables adversaries to gather information about the system and its users, which can be used to plan more effective attack strategies. The exposure of account footprinting capabilities through error messages provides attackers with valuable intelligence that can be used to compromise user credentials, escalate privileges, or conduct further reconnaissance activities.

Organizations utilizing Inohom Home Manager Gateway devices should immediately implement firmware updates to version 1.27.12 or later to address this vulnerability. The recommended mitigation strategy involves not only updating the firmware but also implementing network monitoring to detect unusual outbound traffic patterns that might indicate exploitation attempts. Additionally, administrators should review and restrict access to the gateway's management interfaces, implement network segmentation to limit the exposure of these devices, and establish regular vulnerability assessments to identify similar issues in other networked devices. Security teams should also consider implementing intrusion detection systems that can monitor for patterns consistent with account footprinting activities and establish logging mechanisms to track access to sensitive error reporting systems. The vulnerability demonstrates the critical importance of proper information flow control and access restriction in networked security devices, particularly those handling user account information and system diagnostics.

Reservation

10/13/2023

Disclosure

10/27/2023

Moderation

accepted

CPE

ready

EPSS

0.00448

KEV

no

Activities

very low

Sources

Do you know our Splunk app?

Download it now for free!