Vulnerabilites related to MB connect line - mbNET
CVE-2024-23943 (GCVE-0-2024-23943)
Vulnerability from cvelistv5
Published
2025-03-18 11:03
Modified
2025-03-18 13:13
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-306 - Missing Authentication for Critical Function
Summary
An unauthenticated remote attacker can gain access to the cloud API due to a lack of authentication for a critical function in the affected devices. Availability is not affected.
References
Impacted products
| Vendor | Product | Version | |||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | MB connect line | mbCONNECT24 |
Version: 0 ≤ |
||||||||||||||||
|
|||||||||||||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-23943",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-03-18T13:11:57.727971Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-03-18T13:13:28.924Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "mbCONNECT24",
"vendor": "MB connect line",
"versions": [
{
"lessThan": "2.16.2",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "mbNET",
"vendor": "MB connect line",
"versions": [
{
"lessThan": "8.2.0",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "mbNET.rokey",
"vendor": "MB connect line",
"versions": [
{
"lessThan": "8.2.0",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "mymbCONNECT24",
"vendor": "MB connect line",
"versions": [
{
"lessThan": "2.16.2",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "An unauthenticated remote attacker can gain access to the cloud API due to a lack of authentication for a critical function in the affected devices. Availability is not affected."
}
],
"value": "An unauthenticated remote attacker can gain access to the cloud API due to a lack of authentication for a critical function in the affected devices. Availability is not affected."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-306",
"description": "CWE-306 Missing Authentication for Critical Function",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-03-18T11:03:49.466Z",
"orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
"shortName": "CERTVDE"
},
"references": [
{
"url": "https://cert.vde.com/en/advisories/VDE-2024-010"
}
],
"source": {
"advisory": "VDE-2024-010",
"defect": [
"CERT@VDE#64614"
],
"discovery": "UNKNOWN"
},
"title": "MB connect line: Cloud API access due to a lack of authentication for a critical function",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
"assignerShortName": "CERTVDE",
"cveId": "CVE-2024-23943",
"datePublished": "2025-03-18T11:03:49.466Z",
"dateReserved": "2024-01-24T08:35:23.199Z",
"dateUpdated": "2025-03-18T13:13:28.924Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-23942 (GCVE-0-2024-23942)
Vulnerability from cvelistv5
Published
2025-03-18 11:03
Modified
2025-08-20 06:11
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-312 - Cleartext Storage of Sensitive Information
Summary
A local user may find a configuration file on the client workstation with unencrypted sensitive data. This allows an attacker to impersonate the device or prevent the device from accessing the cloud portal which leads to a DoS.
References
Impacted products
| Vendor | Product | Version | |||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | MB connect line | mbCONNECT24 |
Version: 0 ≤ |
||||||||||||||||
|
|||||||||||||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-23942",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-03-18T13:14:54.987012Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-03-18T13:15:06.774Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "mbCONNECT24",
"vendor": "MB connect line",
"versions": [
{
"lessThan": "2.16.2",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "mbNET",
"vendor": "MB connect line",
"versions": [
{
"lessThan": "8.2.0",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "mbNET.rokey",
"vendor": "MB connect line",
"versions": [
{
"lessThan": "8.2.0",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "mymbCONNECT24",
"vendor": "MB connect line",
"versions": [
{
"lessThan": "2.16.2",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "A local user may find a configuration file on the client workstation with unencrypted sensitive data. This allows an attacker to impersonate the device or prevent the device from accessing the cloud portal which leads to a DoS.\u003cbr\u003e"
}
],
"value": "A local user may find a configuration file on the client workstation with unencrypted sensitive data. This allows an attacker to impersonate the device or prevent the device from accessing the cloud portal which leads to a DoS."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-312",
"description": "CWE-312 Cleartext Storage of Sensitive Information",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-08-20T06:11:05.971Z",
"orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
"shortName": "CERTVDE"
},
"references": [
{
"url": "https://cert.vde.com/en/advisories/VDE-2024-010"
}
],
"source": {
"advisory": "VDE-2024-010",
"defect": [
"CERT@VDE#64614"
],
"discovery": "UNKNOWN"
},
"title": "MB connect line: Configuration File on the client workstation is not encrypted",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
"assignerShortName": "CERTVDE",
"cveId": "CVE-2024-23942",
"datePublished": "2025-03-18T11:03:35.116Z",
"dateReserved": "2024-01-24T08:35:23.199Z",
"dateUpdated": "2025-08-20T06:11:05.971Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
var-202410-0405
Vulnerability from variot
An unauthenticated local attacker can decrypt the devices config file and therefore compromise the device due to a weak implementation of the encryption used. MB CONNECT LINE of mbnet.mini Products from multiple vendors, such as firmware, have vulnerabilities related to encryption strength.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202410-0405",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "rex 300",
"scope": "lte",
"trust": 1.0,
"vendor": "helmholz",
"version": "5.1.11"
},
{
"model": "mbnet.mini",
"scope": "lt",
"trust": 1.0,
"vendor": "mbconnectline",
"version": "2.3.1"
},
{
"model": "mbnet",
"scope": "lt",
"trust": 1.0,
"vendor": "mbconnectline",
"version": "8.2.1"
},
{
"model": "rex 100",
"scope": "lt",
"trust": 1.0,
"vendor": "helmholz",
"version": "2.3.1"
},
{
"model": "mymbconnect24",
"scope": "lt",
"trust": 1.0,
"vendor": "mbconnectline",
"version": "2.16.3"
},
{
"model": "rex 250",
"scope": "lt",
"trust": 1.0,
"vendor": "helmholz",
"version": "8.2.1"
},
{
"model": "mbspider mdh 916",
"scope": "lte",
"trust": 1.0,
"vendor": "mbconnectline",
"version": "2.6.5"
},
{
"model": "rex 200",
"scope": "lt",
"trust": 1.0,
"vendor": "helmholz",
"version": "8.2.1"
},
{
"model": "mbspider mdh 915",
"scope": "lte",
"trust": 1.0,
"vendor": "mbconnectline",
"version": "2.6.5"
},
{
"model": "mbspider mdh 905",
"scope": "lte",
"trust": 1.0,
"vendor": "mbconnectline",
"version": "2.6.5"
},
{
"model": "mbspider mdh 906",
"scope": "lte",
"trust": 1.0,
"vendor": "mbconnectline",
"version": "2.6.5"
},
{
"model": "mbnet hw1",
"scope": "lte",
"trust": 1.0,
"vendor": "mbconnectline",
"version": "5.1.11"
},
{
"model": "mbnet.rokey",
"scope": "lt",
"trust": 1.0,
"vendor": "mbconnectline",
"version": "8.2.1"
},
{
"model": "myrex24 v2 virtual server",
"scope": "lt",
"trust": 1.0,
"vendor": "helmholz",
"version": "2.16.3"
},
{
"model": "mbconnect24",
"scope": "lt",
"trust": 1.0,
"vendor": "mbconnectline",
"version": "2.16.3"
},
{
"model": "mbnet",
"scope": null,
"trust": 0.8,
"vendor": "mb connect line",
"version": null
},
{
"model": "mbnet.mini",
"scope": null,
"trust": 0.8,
"vendor": "mb connect line",
"version": null
},
{
"model": "mbconnect24",
"scope": null,
"trust": 0.8,
"vendor": "mb connect line",
"version": null
},
{
"model": "mymbconnect24",
"scope": null,
"trust": 0.8,
"vendor": "mb connect line",
"version": null
},
{
"model": "rex 300",
"scope": null,
"trust": 0.8,
"vendor": "helmholz",
"version": null
},
{
"model": "myrex24 v2 virtual server",
"scope": null,
"trust": 0.8,
"vendor": "helmholz",
"version": null
},
{
"model": "rex 100",
"scope": null,
"trust": 0.8,
"vendor": "helmholz",
"version": null
},
{
"model": "rex 200",
"scope": null,
"trust": 0.8,
"vendor": "helmholz",
"version": null
},
{
"model": "mbspider mdh 915",
"scope": null,
"trust": 0.8,
"vendor": "mb connect line",
"version": null
},
{
"model": "mbspider mdh 905",
"scope": null,
"trust": 0.8,
"vendor": "mb connect line",
"version": null
},
{
"model": "mbnet hw1",
"scope": null,
"trust": 0.8,
"vendor": "mb connect line",
"version": null
},
{
"model": "mbspider mdh 906",
"scope": null,
"trust": 0.8,
"vendor": "mb connect line",
"version": null
},
{
"model": "mbspider mdh 916",
"scope": null,
"trust": 0.8,
"vendor": "mb connect line",
"version": null
},
{
"model": "rex 250",
"scope": null,
"trust": 0.8,
"vendor": "helmholz",
"version": null
},
{
"model": "mbnet.rokey",
"scope": null,
"trust": 0.8,
"vendor": "mb connect line",
"version": null
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2024-010550"
},
{
"db": "NVD",
"id": "CVE-2024-45273"
}
]
},
"cve": "CVE-2024-45273",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.8,
"id": "CVE-2024-45273",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "info@cert.vde.com",
"availabilityImpact": "HIGH",
"baseScore": 8.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.5,
"id": "CVE-2024-45273",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Local",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 7.8,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2024-45273",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "Low",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2024-45273",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "info@cert.vde.com",
"id": "CVE-2024-45273",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2024-45273",
"trust": 0.8,
"value": "High"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2024-010550"
},
{
"db": "NVD",
"id": "CVE-2024-45273"
},
{
"db": "NVD",
"id": "CVE-2024-45273"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "An unauthenticated local attacker can decrypt the devices config file and therefore compromise the device due to a weak implementation of the encryption used. MB CONNECT LINE of mbnet.mini Products from multiple vendors, such as firmware, have vulnerabilities related to encryption strength.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state",
"sources": [
{
"db": "NVD",
"id": "CVE-2024-45273"
},
{
"db": "JVNDB",
"id": "JVNDB-2024-010550"
}
],
"trust": 1.62
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2024-45273",
"trust": 2.6
},
{
"db": "CERT@VDE",
"id": "VDE-2024-056",
"trust": 1.8
},
{
"db": "CERT@VDE",
"id": "VDE-2024-068",
"trust": 1.8
},
{
"db": "CERT@VDE",
"id": "VDE-2024-069",
"trust": 1.8
},
{
"db": "CERT@VDE",
"id": "VDE-2024-066",
"trust": 1.8
},
{
"db": "JVNDB",
"id": "JVNDB-2024-010550",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2024-010550"
},
{
"db": "NVD",
"id": "CVE-2024-45273"
}
]
},
"id": "VAR-202410-0405",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VARIoT devices database",
"id": null
}
],
"trust": 0.5
},
"last_update_date": "2024-10-23T22:43:38.071000Z",
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-326",
"trust": 1.0
},
{
"problemtype": "CWE-261",
"trust": 1.0
},
{
"problemtype": "Use Weak Ciphers for Passwords (CWE-261) [ others ]",
"trust": 0.8
},
{
"problemtype": " Inappropriate cryptographic strength (CWE-326) [NVD evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2024-010550"
},
{
"db": "NVD",
"id": "CVE-2024-45273"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.8,
"url": "https://cert.vde.com/en/advisories/vde-2024-056"
},
{
"trust": 1.8,
"url": "https://cert.vde.com/en/advisories/vde-2024-066"
},
{
"trust": 1.8,
"url": "https://cert.vde.com/en/advisories/vde-2024-068"
},
{
"trust": 1.8,
"url": "https://cert.vde.com/en/advisories/vde-2024-069"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2024-45273"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2024-010550"
},
{
"db": "NVD",
"id": "CVE-2024-45273"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "JVNDB",
"id": "JVNDB-2024-010550"
},
{
"db": "NVD",
"id": "CVE-2024-45273"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2024-10-18T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2024-010550"
},
{
"date": "2024-10-15T11:15:11.940000",
"db": "NVD",
"id": "CVE-2024-45273"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2024-10-18T03:31:00",
"db": "JVNDB",
"id": "JVNDB-2024-010550"
},
{
"date": "2024-10-17T17:41:43.017000",
"db": "NVD",
"id": "CVE-2024-45273"
}
]
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "MB\u00a0CONNECT\u00a0LINE\u00a0 of \u00a0mbnet.mini\u00a0 Vulnerabilities related to cryptographic strength in products from multiple vendors such as firmware",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2024-010550"
}
],
"trust": 0.8
}
}
var-202410-0404
Vulnerability from variot
An unauthenticated remote attacker can perform a brute-force attack on the credentials of the remote service portal with a high chance of success, resulting in connection lost. helmholz of myrex24 v2 virtual server Unspecified vulnerabilities exist in products from multiple vendors.Service operation interruption (DoS) It may be in a state
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202410-0404",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "rex 300",
"scope": "lte",
"trust": 1.0,
"vendor": "helmholz",
"version": "5.1.11"
},
{
"model": "mbnet",
"scope": "lt",
"trust": 1.0,
"vendor": "mbconnectline",
"version": "8.2.1"
},
{
"model": "mymbconnect24",
"scope": "lt",
"trust": 1.0,
"vendor": "mbconnectline",
"version": "2.16.3"
},
{
"model": "rex 250",
"scope": "lt",
"trust": 1.0,
"vendor": "helmholz",
"version": "8.2.1"
},
{
"model": "mbspider mdh 916",
"scope": "lte",
"trust": 1.0,
"vendor": "mbconnectline",
"version": "2.6.5"
},
{
"model": "mbspider mdh 915",
"scope": "lte",
"trust": 1.0,
"vendor": "mbconnectline",
"version": "2.6.5"
},
{
"model": "rex 200",
"scope": "lt",
"trust": 1.0,
"vendor": "helmholz",
"version": "8.2.1"
},
{
"model": "mbspider mdh 905",
"scope": "lte",
"trust": 1.0,
"vendor": "mbconnectline",
"version": "2.6.5"
},
{
"model": "mbspider mdh 906",
"scope": "lte",
"trust": 1.0,
"vendor": "mbconnectline",
"version": "2.6.5"
},
{
"model": "mbnet hw1",
"scope": "lte",
"trust": 1.0,
"vendor": "mbconnectline",
"version": "5.1.11"
},
{
"model": "mbnet.rokey",
"scope": "lt",
"trust": 1.0,
"vendor": "mbconnectline",
"version": "8.2.1"
},
{
"model": "myrex24 v2 virtual server",
"scope": "lt",
"trust": 1.0,
"vendor": "helmholz",
"version": "2.16.3"
},
{
"model": "mbconnect24",
"scope": "lt",
"trust": 1.0,
"vendor": "mbconnectline",
"version": "2.16.3"
},
{
"model": "mbnet",
"scope": null,
"trust": 0.8,
"vendor": "mb connect line",
"version": null
},
{
"model": "mbconnect24",
"scope": null,
"trust": 0.8,
"vendor": "mb connect line",
"version": null
},
{
"model": "mymbconnect24",
"scope": null,
"trust": 0.8,
"vendor": "mb connect line",
"version": null
},
{
"model": "rex 300",
"scope": null,
"trust": 0.8,
"vendor": "helmholz",
"version": null
},
{
"model": "myrex24 v2 virtual server",
"scope": null,
"trust": 0.8,
"vendor": "helmholz",
"version": null
},
{
"model": "rex 200",
"scope": null,
"trust": 0.8,
"vendor": "helmholz",
"version": null
},
{
"model": "mbspider mdh 915",
"scope": null,
"trust": 0.8,
"vendor": "mb connect line",
"version": null
},
{
"model": "mbspider mdh 905",
"scope": null,
"trust": 0.8,
"vendor": "mb connect line",
"version": null
},
{
"model": "mbnet hw1",
"scope": null,
"trust": 0.8,
"vendor": "mb connect line",
"version": null
},
{
"model": "mbspider mdh 906",
"scope": null,
"trust": 0.8,
"vendor": "mb connect line",
"version": null
},
{
"model": "mbspider mdh 916",
"scope": null,
"trust": 0.8,
"vendor": "mb connect line",
"version": null
},
{
"model": "rex 250",
"scope": null,
"trust": 0.8,
"vendor": "helmholz",
"version": null
},
{
"model": "mbnet.rokey",
"scope": null,
"trust": 0.8,
"vendor": "mb connect line",
"version": null
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2024-010528"
},
{
"db": "NVD",
"id": "CVE-2024-45272"
}
]
},
"cve": "CVE-2024-45272",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "info@cert.vde.com",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"exploitabilityScore": 3.9,
"id": "CVE-2024-45272",
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "OTHER",
"availabilityImpact": "High",
"baseScore": 7.5,
"baseSeverity": "High",
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "JVNDB-2024-010528",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "info@cert.vde.com",
"id": "CVE-2024-45272",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "OTHER",
"id": "JVNDB-2024-010528",
"trust": 0.8,
"value": "High"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2024-010528"
},
{
"db": "NVD",
"id": "CVE-2024-45272"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "An unauthenticated remote attacker can perform a brute-force attack on the credentials of the remote service portal with a high chance of success, resulting in connection lost. helmholz of myrex24 v2 virtual server Unspecified vulnerabilities exist in products from multiple vendors.Service operation interruption (DoS) It may be in a state",
"sources": [
{
"db": "NVD",
"id": "CVE-2024-45272"
},
{
"db": "JVNDB",
"id": "JVNDB-2024-010528"
}
],
"trust": 1.62
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2024-45272",
"trust": 2.6
},
{
"db": "CERT@VDE",
"id": "VDE-2024-068",
"trust": 1.8
},
{
"db": "CERT@VDE",
"id": "VDE-2024-069",
"trust": 1.8
},
{
"db": "JVNDB",
"id": "JVNDB-2024-010528",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2024-010528"
},
{
"db": "NVD",
"id": "CVE-2024-45272"
}
]
},
"id": "VAR-202410-0404",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VARIoT devices database",
"id": null
}
],
"trust": 0.5
},
"last_update_date": "2024-10-23T22:43:38.088000Z",
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-1391",
"trust": 1.0
},
{
"problemtype": "NVD-CWE-Other",
"trust": 1.0
},
{
"problemtype": "Using weak credentials (CWE-1391) [ others ]",
"trust": 0.8
},
{
"problemtype": " others (CWE-Other) [NVD evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2024-010528"
},
{
"db": "NVD",
"id": "CVE-2024-45272"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.8,
"url": "https://cert.vde.com/en/advisories/vde-2024-068"
},
{
"trust": 1.8,
"url": "https://cert.vde.com/en/advisories/vde-2024-069"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2024-45272"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2024-010528"
},
{
"db": "NVD",
"id": "CVE-2024-45272"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "JVNDB",
"id": "JVNDB-2024-010528"
},
{
"db": "NVD",
"id": "CVE-2024-45272"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2024-10-18T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2024-010528"
},
{
"date": "2024-10-15T11:15:11.673000",
"db": "NVD",
"id": "CVE-2024-45272"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2024-10-18T01:37:00",
"db": "JVNDB",
"id": "JVNDB-2024-010528"
},
{
"date": "2024-10-17T17:42:42.197000",
"db": "NVD",
"id": "CVE-2024-45272"
}
]
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "helmholz\u00a0 of \u00a0myrex24\u00a0v2\u00a0virtual\u00a0server\u00a0 Vulnerabilities in products from multiple vendors such as",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2024-010528"
}
],
"trust": 0.8
}
}