Vulnerabilites related to MB connect line - mbNET HW1
CVE-2024-45273 (GCVE-0-2024-45273)
Vulnerability from cvelistv5
Published
2024-10-15 10:27
Modified
2024-10-16 17:47
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-261 - Weak Encoding for Password
Summary
An unauthenticated local attacker can decrypt the devices config file and therefore compromise the device due to a weak implementation of the encryption used.
References
Impacted products
| Vendor | Product | Version | ||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | MB connect line | mbNET.mini |
Version: 0.0.0 ≤ 2.2.13 |
|||||||||||||||||||||||||||||||||||||||||||||||||||
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:mb_connect_line:mbnet.mini:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "mbnet.mini",
"vendor": "mb_connect_line",
"versions": [
{
"lessThanOrEqual": "2.2.13",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"cpes": [
"cpe:2.3:a:mbconnectline:mbnet_mbnet.rokey:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "mbnet_mbnet.rokey",
"vendor": "mbconnectline",
"versions": [
{
"lessThanOrEqual": "8.2.0",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"cpes": [
"cpe:2.3:a:mbconnectline:mbnet_hw1:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "mbnet_hw1",
"vendor": "mbconnectline",
"versions": [
{
"lessThanOrEqual": "5.1.11",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"cpes": [
"cpe:2.3:a:mbconnectline:mbspider:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "mbspider",
"vendor": "mbconnectline",
"versions": [
{
"lessThanOrEqual": "2.6.5",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"cpes": [
"cpe:2.3:a:mbconnectline:mbconnect24:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "mbconnect24",
"vendor": "mbconnectline",
"versions": [
{
"lessThanOrEqual": "2.16.2",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"cpes": [
"cpe:2.3:a:mbconnectline:mymbconnect24:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "mymbconnect24",
"vendor": "mbconnectline",
"versions": [
{
"lessThanOrEqual": "2.16.2",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"cpes": [
"cpe:2.3:a:helmholz:rex100:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "rex100",
"vendor": "helmholz",
"versions": [
{
"lessThanOrEqual": "2.2.13",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"cpes": [
"cpe:2.3:h:helmholz:rex_200:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "rex_200",
"vendor": "helmholz",
"versions": [
{
"lessThanOrEqual": "8.2.0",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"cpes": [
"cpe:2.3:a:helmholz:rex250:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "rex250",
"vendor": "helmholz",
"versions": [
{
"lessThanOrEqual": "8.2.0",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"cpes": [
"cpe:2.3:a:helmholz:myrex24_v2:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "myrex24_v2",
"vendor": "helmholz",
"versions": [
{
"lessThanOrEqual": "2.16.2",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"cpes": [
"cpe:2.3:a:helmholz:myrex24.virtual:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "myrex24.virtual",
"vendor": "helmholz",
"versions": [
{
"lessThanOrEqual": "2.16.2",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"cpes": [
"cpe:2.3:a:helmholz:rex300:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "rex300",
"vendor": "helmholz",
"versions": [
{
"lessThanOrEqual": "5.1.11",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-45273",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-15T18:22:26.955543Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-15T18:31:20.013Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-10-16T17:47:04.737Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2024-062.txt"
}
],
"title": "CVE Program Container",
"x_generator": {
"engine": "ADPogram 0.0.1"
}
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "mbNET.mini",
"vendor": "MB connect line",
"versions": [
{
"lessThanOrEqual": "2.2.13",
"status": "affected",
"version": "0.0.0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "mbNET/mbNET.rokey",
"vendor": "MB connect line",
"versions": [
{
"lessThanOrEqual": "8.2.0",
"status": "affected",
"version": "0.0.0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "mbNET HW1",
"vendor": "MB connect line",
"versions": [
{
"lessThanOrEqual": "5.1.11",
"status": "affected",
"version": "0.0.0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "mbSPIDER",
"vendor": "MB connect line",
"versions": [
{
"lessThanOrEqual": "2.6.5",
"status": "affected",
"version": "0.0.0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "mbCONNECT24",
"vendor": "MB connect line",
"versions": [
{
"lessThanOrEqual": "2.16.2",
"status": "affected",
"version": "0.0.0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "mymbCONNECT24",
"vendor": "MB connect line",
"versions": [
{
"lessThanOrEqual": "2.16.2",
"status": "affected",
"version": "0.0.0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "REX100",
"vendor": "Helmholz",
"versions": [
{
"lessThanOrEqual": "\u003c= 2.2.13",
"status": "affected",
"version": "0.0.0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "REX200/250",
"vendor": "Helmholz",
"versions": [
{
"lessThanOrEqual": "\u003c= 8.2.0",
"status": "affected",
"version": "0.0.0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "myREX24 V2",
"vendor": "Helmholz",
"versions": [
{
"lessThanOrEqual": "\u003c= 2.16.2",
"status": "affected",
"version": "0.0.0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "myREX24.virtual",
"vendor": "Helmholz",
"versions": [
{
"lessThanOrEqual": "\u003c= 2.16.2",
"status": "affected",
"version": "0.0.0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "REX300",
"vendor": "Helmholz",
"versions": [
{
"lessThanOrEqual": "\u003c= 5.1.11",
"status": "affected",
"version": "0.0.0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Moritz Abrell"
},
{
"lang": "en",
"type": "reporter",
"user": "00000000-0000-4000-9000-000000000000",
"value": "SySS GmbH"
}
],
"datePublic": "2024-10-15T08:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "An unauthenticated local attacker can decrypt the devices config file and therefore compromise the device due to a weak implementation of the encryption used.\u003cbr\u003e"
}
],
"value": "An unauthenticated local attacker can decrypt the devices config file and therefore compromise the device due to a weak implementation of the encryption used."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 8.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-261",
"description": "CWE-261: Weak Encoding for Password",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-10-15T10:27:52.208Z",
"orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
"shortName": "CERTVDE"
},
"references": [
{
"url": "https://cert.vde.com/en/advisories/VDE-2024-056"
},
{
"url": "https://cert.vde.com/en/advisories/VDE-2024-066"
},
{
"url": "https://cert.vde.com/en/advisories/VDE-2024-068"
},
{
"url": "https://cert.vde.com/en/advisories/VDE-2024-069"
}
],
"source": {
"advisory": "VDE-2024-056, VDE-2024-066, VDE-2024-068, VDE-2024-069",
"defect": [
"CERT@VDE#641679",
"CERT@VDE#641695",
"CERT@VDE#641692",
"CERT@VDE#641696"
],
"discovery": "UNKNOWN"
},
"title": "MB connect line/Helmholz: Weak encryption of configuration file",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
"assignerShortName": "CERTVDE",
"cveId": "CVE-2024-45273",
"datePublished": "2024-10-15T10:27:52.208Z",
"dateReserved": "2024-08-26T09:19:01.266Z",
"dateUpdated": "2024-10-16T17:47:04.737Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-41688 (GCVE-0-2025-41688)
Vulnerability from cvelistv5
Published
2025-07-31 10:02
Modified
2025-07-31 13:17
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-653 - Improper Isolation or Compartmentalization
Summary
A high privileged remote attacker can execute arbitrary OS commands using an undocumented method allowing to escape the implemented LUA sandbox.
References
Impacted products
| Vendor | Product | Version | |||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | MB connect line | mbNET HW1 |
Version: 0.0.0 ≤ 5.1.11 |
||||||||||||||||
|
|||||||||||||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-41688",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-07-31T13:17:09.687569Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-07-31T13:17:23.918Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "mbNET HW1",
"vendor": "MB connect line",
"versions": [
{
"lessThanOrEqual": "5.1.11",
"status": "affected",
"version": "0.0.0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "mbNET/mbNET.rokey",
"vendor": "MB connect line",
"versions": [
{
"lessThan": "7.3.0",
"status": "affected",
"version": "0.0.0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "REX 300",
"vendor": "Helmholz",
"versions": [
{
"lessThanOrEqual": "5.1.11",
"status": "affected",
"version": "0.0.0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "REX 200/250",
"vendor": "Helmholz",
"versions": [
{
"lessThan": "7.3.0",
"status": "affected",
"version": "0.0.0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Marcel Rick-Cen"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "A high privileged remote attacker can execute arbitrary OS commands using an undocumented method allowing to escape the implemented LUA sandbox.\u003cbr\u003e"
}
],
"value": "A high privileged remote attacker can execute arbitrary OS commands using an undocumented method allowing to escape the implemented LUA sandbox."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-653",
"description": "CWE-653 Improper Isolation or Compartmentalization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-07-31T10:02:49.655Z",
"orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
"shortName": "CERTVDE"
},
"references": [
{
"url": "https://certvde.com/de/advisories/VDE-2025-065"
},
{
"url": "https://certvde.com/de/advisories/VDE-2025-069"
}
],
"source": {
"advisory": "VDE-2025-065, VDE-2025-069",
"defect": [
"CERT@VDE#641828"
],
"discovery": "UNKNOWN"
},
"title": "High Privilege RCE via LUA Sandbox Escape",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
"assignerShortName": "CERTVDE",
"cveId": "CVE-2025-41688",
"datePublished": "2025-07-31T10:02:49.655Z",
"dateReserved": "2025-04-16T11:17:48.309Z",
"dateUpdated": "2025-07-31T13:17:23.918Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
var-202410-0405
Vulnerability from variot
An unauthenticated local attacker can decrypt the devices config file and therefore compromise the device due to a weak implementation of the encryption used. MB CONNECT LINE of mbnet.mini Products from multiple vendors, such as firmware, have vulnerabilities related to encryption strength.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202410-0405",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "rex 300",
"scope": "lte",
"trust": 1.0,
"vendor": "helmholz",
"version": "5.1.11"
},
{
"model": "mbnet.mini",
"scope": "lt",
"trust": 1.0,
"vendor": "mbconnectline",
"version": "2.3.1"
},
{
"model": "mbnet",
"scope": "lt",
"trust": 1.0,
"vendor": "mbconnectline",
"version": "8.2.1"
},
{
"model": "rex 100",
"scope": "lt",
"trust": 1.0,
"vendor": "helmholz",
"version": "2.3.1"
},
{
"model": "mymbconnect24",
"scope": "lt",
"trust": 1.0,
"vendor": "mbconnectline",
"version": "2.16.3"
},
{
"model": "rex 250",
"scope": "lt",
"trust": 1.0,
"vendor": "helmholz",
"version": "8.2.1"
},
{
"model": "mbspider mdh 916",
"scope": "lte",
"trust": 1.0,
"vendor": "mbconnectline",
"version": "2.6.5"
},
{
"model": "rex 200",
"scope": "lt",
"trust": 1.0,
"vendor": "helmholz",
"version": "8.2.1"
},
{
"model": "mbspider mdh 915",
"scope": "lte",
"trust": 1.0,
"vendor": "mbconnectline",
"version": "2.6.5"
},
{
"model": "mbspider mdh 905",
"scope": "lte",
"trust": 1.0,
"vendor": "mbconnectline",
"version": "2.6.5"
},
{
"model": "mbspider mdh 906",
"scope": "lte",
"trust": 1.0,
"vendor": "mbconnectline",
"version": "2.6.5"
},
{
"model": "mbnet hw1",
"scope": "lte",
"trust": 1.0,
"vendor": "mbconnectline",
"version": "5.1.11"
},
{
"model": "mbnet.rokey",
"scope": "lt",
"trust": 1.0,
"vendor": "mbconnectline",
"version": "8.2.1"
},
{
"model": "myrex24 v2 virtual server",
"scope": "lt",
"trust": 1.0,
"vendor": "helmholz",
"version": "2.16.3"
},
{
"model": "mbconnect24",
"scope": "lt",
"trust": 1.0,
"vendor": "mbconnectline",
"version": "2.16.3"
},
{
"model": "mbnet",
"scope": null,
"trust": 0.8,
"vendor": "mb connect line",
"version": null
},
{
"model": "mbnet.mini",
"scope": null,
"trust": 0.8,
"vendor": "mb connect line",
"version": null
},
{
"model": "mbconnect24",
"scope": null,
"trust": 0.8,
"vendor": "mb connect line",
"version": null
},
{
"model": "mymbconnect24",
"scope": null,
"trust": 0.8,
"vendor": "mb connect line",
"version": null
},
{
"model": "rex 300",
"scope": null,
"trust": 0.8,
"vendor": "helmholz",
"version": null
},
{
"model": "myrex24 v2 virtual server",
"scope": null,
"trust": 0.8,
"vendor": "helmholz",
"version": null
},
{
"model": "rex 100",
"scope": null,
"trust": 0.8,
"vendor": "helmholz",
"version": null
},
{
"model": "rex 200",
"scope": null,
"trust": 0.8,
"vendor": "helmholz",
"version": null
},
{
"model": "mbspider mdh 915",
"scope": null,
"trust": 0.8,
"vendor": "mb connect line",
"version": null
},
{
"model": "mbspider mdh 905",
"scope": null,
"trust": 0.8,
"vendor": "mb connect line",
"version": null
},
{
"model": "mbnet hw1",
"scope": null,
"trust": 0.8,
"vendor": "mb connect line",
"version": null
},
{
"model": "mbspider mdh 906",
"scope": null,
"trust": 0.8,
"vendor": "mb connect line",
"version": null
},
{
"model": "mbspider mdh 916",
"scope": null,
"trust": 0.8,
"vendor": "mb connect line",
"version": null
},
{
"model": "rex 250",
"scope": null,
"trust": 0.8,
"vendor": "helmholz",
"version": null
},
{
"model": "mbnet.rokey",
"scope": null,
"trust": 0.8,
"vendor": "mb connect line",
"version": null
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2024-010550"
},
{
"db": "NVD",
"id": "CVE-2024-45273"
}
]
},
"cve": "CVE-2024-45273",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.8,
"id": "CVE-2024-45273",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "info@cert.vde.com",
"availabilityImpact": "HIGH",
"baseScore": 8.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.5,
"id": "CVE-2024-45273",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Local",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 7.8,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2024-45273",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "Low",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2024-45273",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "info@cert.vde.com",
"id": "CVE-2024-45273",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2024-45273",
"trust": 0.8,
"value": "High"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2024-010550"
},
{
"db": "NVD",
"id": "CVE-2024-45273"
},
{
"db": "NVD",
"id": "CVE-2024-45273"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "An unauthenticated local attacker can decrypt the devices config file and therefore compromise the device due to a weak implementation of the encryption used. MB CONNECT LINE of mbnet.mini Products from multiple vendors, such as firmware, have vulnerabilities related to encryption strength.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state",
"sources": [
{
"db": "NVD",
"id": "CVE-2024-45273"
},
{
"db": "JVNDB",
"id": "JVNDB-2024-010550"
}
],
"trust": 1.62
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2024-45273",
"trust": 2.6
},
{
"db": "CERT@VDE",
"id": "VDE-2024-056",
"trust": 1.8
},
{
"db": "CERT@VDE",
"id": "VDE-2024-068",
"trust": 1.8
},
{
"db": "CERT@VDE",
"id": "VDE-2024-069",
"trust": 1.8
},
{
"db": "CERT@VDE",
"id": "VDE-2024-066",
"trust": 1.8
},
{
"db": "JVNDB",
"id": "JVNDB-2024-010550",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2024-010550"
},
{
"db": "NVD",
"id": "CVE-2024-45273"
}
]
},
"id": "VAR-202410-0405",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VARIoT devices database",
"id": null
}
],
"trust": 0.5
},
"last_update_date": "2024-10-23T22:43:38.071000Z",
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-326",
"trust": 1.0
},
{
"problemtype": "CWE-261",
"trust": 1.0
},
{
"problemtype": "Use Weak Ciphers for Passwords (CWE-261) [ others ]",
"trust": 0.8
},
{
"problemtype": " Inappropriate cryptographic strength (CWE-326) [NVD evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2024-010550"
},
{
"db": "NVD",
"id": "CVE-2024-45273"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.8,
"url": "https://cert.vde.com/en/advisories/vde-2024-056"
},
{
"trust": 1.8,
"url": "https://cert.vde.com/en/advisories/vde-2024-066"
},
{
"trust": 1.8,
"url": "https://cert.vde.com/en/advisories/vde-2024-068"
},
{
"trust": 1.8,
"url": "https://cert.vde.com/en/advisories/vde-2024-069"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2024-45273"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2024-010550"
},
{
"db": "NVD",
"id": "CVE-2024-45273"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "JVNDB",
"id": "JVNDB-2024-010550"
},
{
"db": "NVD",
"id": "CVE-2024-45273"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2024-10-18T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2024-010550"
},
{
"date": "2024-10-15T11:15:11.940000",
"db": "NVD",
"id": "CVE-2024-45273"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2024-10-18T03:31:00",
"db": "JVNDB",
"id": "JVNDB-2024-010550"
},
{
"date": "2024-10-17T17:41:43.017000",
"db": "NVD",
"id": "CVE-2024-45273"
}
]
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "MB\u00a0CONNECT\u00a0LINE\u00a0 of \u00a0mbnet.mini\u00a0 Vulnerabilities related to cryptographic strength in products from multiple vendors such as firmware",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2024-010550"
}
],
"trust": 0.8
}
}
var-202410-0404
Vulnerability from variot
An unauthenticated remote attacker can perform a brute-force attack on the credentials of the remote service portal with a high chance of success, resulting in connection lost. helmholz of myrex24 v2 virtual server Unspecified vulnerabilities exist in products from multiple vendors.Service operation interruption (DoS) It may be in a state
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202410-0404",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "rex 300",
"scope": "lte",
"trust": 1.0,
"vendor": "helmholz",
"version": "5.1.11"
},
{
"model": "mbnet",
"scope": "lt",
"trust": 1.0,
"vendor": "mbconnectline",
"version": "8.2.1"
},
{
"model": "mymbconnect24",
"scope": "lt",
"trust": 1.0,
"vendor": "mbconnectline",
"version": "2.16.3"
},
{
"model": "rex 250",
"scope": "lt",
"trust": 1.0,
"vendor": "helmholz",
"version": "8.2.1"
},
{
"model": "mbspider mdh 916",
"scope": "lte",
"trust": 1.0,
"vendor": "mbconnectline",
"version": "2.6.5"
},
{
"model": "mbspider mdh 915",
"scope": "lte",
"trust": 1.0,
"vendor": "mbconnectline",
"version": "2.6.5"
},
{
"model": "rex 200",
"scope": "lt",
"trust": 1.0,
"vendor": "helmholz",
"version": "8.2.1"
},
{
"model": "mbspider mdh 905",
"scope": "lte",
"trust": 1.0,
"vendor": "mbconnectline",
"version": "2.6.5"
},
{
"model": "mbspider mdh 906",
"scope": "lte",
"trust": 1.0,
"vendor": "mbconnectline",
"version": "2.6.5"
},
{
"model": "mbnet hw1",
"scope": "lte",
"trust": 1.0,
"vendor": "mbconnectline",
"version": "5.1.11"
},
{
"model": "mbnet.rokey",
"scope": "lt",
"trust": 1.0,
"vendor": "mbconnectline",
"version": "8.2.1"
},
{
"model": "myrex24 v2 virtual server",
"scope": "lt",
"trust": 1.0,
"vendor": "helmholz",
"version": "2.16.3"
},
{
"model": "mbconnect24",
"scope": "lt",
"trust": 1.0,
"vendor": "mbconnectline",
"version": "2.16.3"
},
{
"model": "mbnet",
"scope": null,
"trust": 0.8,
"vendor": "mb connect line",
"version": null
},
{
"model": "mbconnect24",
"scope": null,
"trust": 0.8,
"vendor": "mb connect line",
"version": null
},
{
"model": "mymbconnect24",
"scope": null,
"trust": 0.8,
"vendor": "mb connect line",
"version": null
},
{
"model": "rex 300",
"scope": null,
"trust": 0.8,
"vendor": "helmholz",
"version": null
},
{
"model": "myrex24 v2 virtual server",
"scope": null,
"trust": 0.8,
"vendor": "helmholz",
"version": null
},
{
"model": "rex 200",
"scope": null,
"trust": 0.8,
"vendor": "helmholz",
"version": null
},
{
"model": "mbspider mdh 915",
"scope": null,
"trust": 0.8,
"vendor": "mb connect line",
"version": null
},
{
"model": "mbspider mdh 905",
"scope": null,
"trust": 0.8,
"vendor": "mb connect line",
"version": null
},
{
"model": "mbnet hw1",
"scope": null,
"trust": 0.8,
"vendor": "mb connect line",
"version": null
},
{
"model": "mbspider mdh 906",
"scope": null,
"trust": 0.8,
"vendor": "mb connect line",
"version": null
},
{
"model": "mbspider mdh 916",
"scope": null,
"trust": 0.8,
"vendor": "mb connect line",
"version": null
},
{
"model": "rex 250",
"scope": null,
"trust": 0.8,
"vendor": "helmholz",
"version": null
},
{
"model": "mbnet.rokey",
"scope": null,
"trust": 0.8,
"vendor": "mb connect line",
"version": null
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2024-010528"
},
{
"db": "NVD",
"id": "CVE-2024-45272"
}
]
},
"cve": "CVE-2024-45272",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "info@cert.vde.com",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"exploitabilityScore": 3.9,
"id": "CVE-2024-45272",
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "OTHER",
"availabilityImpact": "High",
"baseScore": 7.5,
"baseSeverity": "High",
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "JVNDB-2024-010528",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "info@cert.vde.com",
"id": "CVE-2024-45272",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "OTHER",
"id": "JVNDB-2024-010528",
"trust": 0.8,
"value": "High"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2024-010528"
},
{
"db": "NVD",
"id": "CVE-2024-45272"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "An unauthenticated remote attacker can perform a brute-force attack on the credentials of the remote service portal with a high chance of success, resulting in connection lost. helmholz of myrex24 v2 virtual server Unspecified vulnerabilities exist in products from multiple vendors.Service operation interruption (DoS) It may be in a state",
"sources": [
{
"db": "NVD",
"id": "CVE-2024-45272"
},
{
"db": "JVNDB",
"id": "JVNDB-2024-010528"
}
],
"trust": 1.62
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2024-45272",
"trust": 2.6
},
{
"db": "CERT@VDE",
"id": "VDE-2024-068",
"trust": 1.8
},
{
"db": "CERT@VDE",
"id": "VDE-2024-069",
"trust": 1.8
},
{
"db": "JVNDB",
"id": "JVNDB-2024-010528",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2024-010528"
},
{
"db": "NVD",
"id": "CVE-2024-45272"
}
]
},
"id": "VAR-202410-0404",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VARIoT devices database",
"id": null
}
],
"trust": 0.5
},
"last_update_date": "2024-10-23T22:43:38.088000Z",
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-1391",
"trust": 1.0
},
{
"problemtype": "NVD-CWE-Other",
"trust": 1.0
},
{
"problemtype": "Using weak credentials (CWE-1391) [ others ]",
"trust": 0.8
},
{
"problemtype": " others (CWE-Other) [NVD evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2024-010528"
},
{
"db": "NVD",
"id": "CVE-2024-45272"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.8,
"url": "https://cert.vde.com/en/advisories/vde-2024-068"
},
{
"trust": 1.8,
"url": "https://cert.vde.com/en/advisories/vde-2024-069"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2024-45272"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2024-010528"
},
{
"db": "NVD",
"id": "CVE-2024-45272"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "JVNDB",
"id": "JVNDB-2024-010528"
},
{
"db": "NVD",
"id": "CVE-2024-45272"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2024-10-18T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2024-010528"
},
{
"date": "2024-10-15T11:15:11.673000",
"db": "NVD",
"id": "CVE-2024-45272"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2024-10-18T01:37:00",
"db": "JVNDB",
"id": "JVNDB-2024-010528"
},
{
"date": "2024-10-17T17:42:42.197000",
"db": "NVD",
"id": "CVE-2024-45272"
}
]
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "helmholz\u00a0 of \u00a0myrex24\u00a0v2\u00a0virtual\u00a0server\u00a0 Vulnerabilities in products from multiple vendors such as",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2024-010528"
}
],
"trust": 0.8
}
}