PatchSiren cyber security CVE debrief
CVE-2023-5570 Inohom CVE debrief
CVE-2023-5570 is a high-severity information disclosure issue in Inohom Home Manager Gateway versions before 1.27.12. According to NVD and the linked advisory references, improper protection for outbound error messages and alert signals can enable account footprinting, meaning an attacker may be able to infer account existence or related account details without authentication.
- Vendor
- Inohom
- Product
- Home Manager Gateway
- CVSS
- HIGH 7.5
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2023-10-27
- Original CVE updated
- 2026-05-21
- Advisory published
- 2023-10-27
- Advisory updated
- 2026-05-21
Who should care
Organizations running Inohom Home Manager Gateway, especially administrators and security teams responsible for exposed or remotely reachable deployments. Because the CVSS vector is network-based and requires no privileges or user interaction, this should be treated as a priority issue for any affected instance before 1.27.12.
Technical summary
The supplied NVD record identifies the affected CPE as inohom:home_manager_gateway with vulnerable versions ending before 1.27.12. The issue is categorized as improper protection for outbound error messages and alert signals and mapped to CWE-1320 in advisory metadata. The CVSS v3.1 vector is AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N, indicating remote exploitation with high confidentiality impact and no integrity or availability impact in the provided record.
Defensive priority
High. The vulnerability is remotely reachable, requires no privileges, and may expose account-related information. Version-based remediation is straightforward, so upgrading or otherwise removing exposure should be prioritized.
Recommended defensive actions
- Upgrade Inohom Home Manager Gateway to version 1.27.12 or later.
- Inventory all deployments and confirm no affected versions remain in production or test environments.
- Treat any exposed instance as a priority for remediation because the issue is network-exploitable and requires no authentication.
- Review surrounding security logs and alerting for repeated responses or patterns consistent with account enumeration attempts.
- Track the CVE record and the linked USOM advisory for any additional vendor guidance or clarifications.
Evidence notes
The evidence corpus includes the official CVE record and NVD detail page, plus USOM reference links. NVD metadata shows the vulnerable CPE cpe:2.3:a:inohom:home_manager_gateway:*:*:*:*:*:*:*:* with versionEndExcluding 1.27.12. The supplied references also point to USOM advisory pages for this CVE. No exploit details were used or inferred beyond the published description and CVSS metadata.
Official resources
-
CVE-2023-5570 CVE record
CVE.org
-
CVE-2023-5570 NVD detail
NVD
-
Source item URL
nvd_modified
- Source reference
-
Mitigation or vendor reference
[email protected] - Third Party Advisory
CVE published 2023-10-27. The supplied NVD source record was last modified 2026-05-21. The advisory references in the corpus are official/public references; no KEV entry is listed in the supplied data.