Search criteria
4 vulnerabilities found for REX 250 by Helmholz
VAR-202410-0404
Vulnerability from variot - Updated: 2024-10-23 22:43An unauthenticated remote attacker can perform a brute-force attack on the credentials of the remote service portal with a high chance of success, resulting in connection lost. helmholz of myrex24 v2 virtual server Unspecified vulnerabilities exist in products from multiple vendors.Service operation interruption (DoS) It may be in a state
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202410-0404",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "rex 300",
"scope": "lte",
"trust": 1.0,
"vendor": "helmholz",
"version": "5.1.11"
},
{
"model": "mbnet",
"scope": "lt",
"trust": 1.0,
"vendor": "mbconnectline",
"version": "8.2.1"
},
{
"model": "mymbconnect24",
"scope": "lt",
"trust": 1.0,
"vendor": "mbconnectline",
"version": "2.16.3"
},
{
"model": "rex 250",
"scope": "lt",
"trust": 1.0,
"vendor": "helmholz",
"version": "8.2.1"
},
{
"model": "mbspider mdh 916",
"scope": "lte",
"trust": 1.0,
"vendor": "mbconnectline",
"version": "2.6.5"
},
{
"model": "mbspider mdh 915",
"scope": "lte",
"trust": 1.0,
"vendor": "mbconnectline",
"version": "2.6.5"
},
{
"model": "rex 200",
"scope": "lt",
"trust": 1.0,
"vendor": "helmholz",
"version": "8.2.1"
},
{
"model": "mbspider mdh 905",
"scope": "lte",
"trust": 1.0,
"vendor": "mbconnectline",
"version": "2.6.5"
},
{
"model": "mbspider mdh 906",
"scope": "lte",
"trust": 1.0,
"vendor": "mbconnectline",
"version": "2.6.5"
},
{
"model": "mbnet hw1",
"scope": "lte",
"trust": 1.0,
"vendor": "mbconnectline",
"version": "5.1.11"
},
{
"model": "mbnet.rokey",
"scope": "lt",
"trust": 1.0,
"vendor": "mbconnectline",
"version": "8.2.1"
},
{
"model": "myrex24 v2 virtual server",
"scope": "lt",
"trust": 1.0,
"vendor": "helmholz",
"version": "2.16.3"
},
{
"model": "mbconnect24",
"scope": "lt",
"trust": 1.0,
"vendor": "mbconnectline",
"version": "2.16.3"
},
{
"model": "mbnet",
"scope": null,
"trust": 0.8,
"vendor": "mb connect line",
"version": null
},
{
"model": "mbconnect24",
"scope": null,
"trust": 0.8,
"vendor": "mb connect line",
"version": null
},
{
"model": "mymbconnect24",
"scope": null,
"trust": 0.8,
"vendor": "mb connect line",
"version": null
},
{
"model": "rex 300",
"scope": null,
"trust": 0.8,
"vendor": "helmholz",
"version": null
},
{
"model": "myrex24 v2 virtual server",
"scope": null,
"trust": 0.8,
"vendor": "helmholz",
"version": null
},
{
"model": "rex 200",
"scope": null,
"trust": 0.8,
"vendor": "helmholz",
"version": null
},
{
"model": "mbspider mdh 915",
"scope": null,
"trust": 0.8,
"vendor": "mb connect line",
"version": null
},
{
"model": "mbspider mdh 905",
"scope": null,
"trust": 0.8,
"vendor": "mb connect line",
"version": null
},
{
"model": "mbnet hw1",
"scope": null,
"trust": 0.8,
"vendor": "mb connect line",
"version": null
},
{
"model": "mbspider mdh 906",
"scope": null,
"trust": 0.8,
"vendor": "mb connect line",
"version": null
},
{
"model": "mbspider mdh 916",
"scope": null,
"trust": 0.8,
"vendor": "mb connect line",
"version": null
},
{
"model": "rex 250",
"scope": null,
"trust": 0.8,
"vendor": "helmholz",
"version": null
},
{
"model": "mbnet.rokey",
"scope": null,
"trust": 0.8,
"vendor": "mb connect line",
"version": null
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2024-010528"
},
{
"db": "NVD",
"id": "CVE-2024-45272"
}
]
},
"cve": "CVE-2024-45272",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "info@cert.vde.com",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"exploitabilityScore": 3.9,
"id": "CVE-2024-45272",
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "OTHER",
"availabilityImpact": "High",
"baseScore": 7.5,
"baseSeverity": "High",
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "JVNDB-2024-010528",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "info@cert.vde.com",
"id": "CVE-2024-45272",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "OTHER",
"id": "JVNDB-2024-010528",
"trust": 0.8,
"value": "High"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2024-010528"
},
{
"db": "NVD",
"id": "CVE-2024-45272"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "An unauthenticated remote attacker can perform a brute-force attack on the credentials of the remote service portal with a high chance of success, resulting in connection lost. helmholz of myrex24 v2 virtual server Unspecified vulnerabilities exist in products from multiple vendors.Service operation interruption (DoS) It may be in a state",
"sources": [
{
"db": "NVD",
"id": "CVE-2024-45272"
},
{
"db": "JVNDB",
"id": "JVNDB-2024-010528"
}
],
"trust": 1.62
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2024-45272",
"trust": 2.6
},
{
"db": "CERT@VDE",
"id": "VDE-2024-068",
"trust": 1.8
},
{
"db": "CERT@VDE",
"id": "VDE-2024-069",
"trust": 1.8
},
{
"db": "JVNDB",
"id": "JVNDB-2024-010528",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2024-010528"
},
{
"db": "NVD",
"id": "CVE-2024-45272"
}
]
},
"id": "VAR-202410-0404",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VARIoT devices database",
"id": null
}
],
"trust": 0.5
},
"last_update_date": "2024-10-23T22:43:38.088000Z",
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-1391",
"trust": 1.0
},
{
"problemtype": "NVD-CWE-Other",
"trust": 1.0
},
{
"problemtype": "Using weak credentials (CWE-1391) [ others ]",
"trust": 0.8
},
{
"problemtype": " others (CWE-Other) [NVD evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2024-010528"
},
{
"db": "NVD",
"id": "CVE-2024-45272"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.8,
"url": "https://cert.vde.com/en/advisories/vde-2024-068"
},
{
"trust": 1.8,
"url": "https://cert.vde.com/en/advisories/vde-2024-069"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2024-45272"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2024-010528"
},
{
"db": "NVD",
"id": "CVE-2024-45272"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "JVNDB",
"id": "JVNDB-2024-010528"
},
{
"db": "NVD",
"id": "CVE-2024-45272"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2024-10-18T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2024-010528"
},
{
"date": "2024-10-15T11:15:11.673000",
"db": "NVD",
"id": "CVE-2024-45272"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2024-10-18T01:37:00",
"db": "JVNDB",
"id": "JVNDB-2024-010528"
},
{
"date": "2024-10-17T17:42:42.197000",
"db": "NVD",
"id": "CVE-2024-45272"
}
]
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "helmholz\u00a0 of \u00a0myrex24\u00a0v2\u00a0virtual\u00a0server\u00a0 Vulnerabilities in products from multiple vendors such as",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2024-010528"
}
],
"trust": 0.8
}
}
VAR-202410-0405
Vulnerability from variot - Updated: 2024-10-23 22:43An unauthenticated local attacker can decrypt the devices config file and therefore compromise the device due to a weak implementation of the encryption used. MB CONNECT LINE of mbnet.mini Products from multiple vendors, such as firmware, have vulnerabilities related to encryption strength.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202410-0405",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "rex 300",
"scope": "lte",
"trust": 1.0,
"vendor": "helmholz",
"version": "5.1.11"
},
{
"model": "mbnet.mini",
"scope": "lt",
"trust": 1.0,
"vendor": "mbconnectline",
"version": "2.3.1"
},
{
"model": "mbnet",
"scope": "lt",
"trust": 1.0,
"vendor": "mbconnectline",
"version": "8.2.1"
},
{
"model": "rex 100",
"scope": "lt",
"trust": 1.0,
"vendor": "helmholz",
"version": "2.3.1"
},
{
"model": "mymbconnect24",
"scope": "lt",
"trust": 1.0,
"vendor": "mbconnectline",
"version": "2.16.3"
},
{
"model": "rex 250",
"scope": "lt",
"trust": 1.0,
"vendor": "helmholz",
"version": "8.2.1"
},
{
"model": "mbspider mdh 916",
"scope": "lte",
"trust": 1.0,
"vendor": "mbconnectline",
"version": "2.6.5"
},
{
"model": "rex 200",
"scope": "lt",
"trust": 1.0,
"vendor": "helmholz",
"version": "8.2.1"
},
{
"model": "mbspider mdh 915",
"scope": "lte",
"trust": 1.0,
"vendor": "mbconnectline",
"version": "2.6.5"
},
{
"model": "mbspider mdh 905",
"scope": "lte",
"trust": 1.0,
"vendor": "mbconnectline",
"version": "2.6.5"
},
{
"model": "mbspider mdh 906",
"scope": "lte",
"trust": 1.0,
"vendor": "mbconnectline",
"version": "2.6.5"
},
{
"model": "mbnet hw1",
"scope": "lte",
"trust": 1.0,
"vendor": "mbconnectline",
"version": "5.1.11"
},
{
"model": "mbnet.rokey",
"scope": "lt",
"trust": 1.0,
"vendor": "mbconnectline",
"version": "8.2.1"
},
{
"model": "myrex24 v2 virtual server",
"scope": "lt",
"trust": 1.0,
"vendor": "helmholz",
"version": "2.16.3"
},
{
"model": "mbconnect24",
"scope": "lt",
"trust": 1.0,
"vendor": "mbconnectline",
"version": "2.16.3"
},
{
"model": "mbnet",
"scope": null,
"trust": 0.8,
"vendor": "mb connect line",
"version": null
},
{
"model": "mbnet.mini",
"scope": null,
"trust": 0.8,
"vendor": "mb connect line",
"version": null
},
{
"model": "mbconnect24",
"scope": null,
"trust": 0.8,
"vendor": "mb connect line",
"version": null
},
{
"model": "mymbconnect24",
"scope": null,
"trust": 0.8,
"vendor": "mb connect line",
"version": null
},
{
"model": "rex 300",
"scope": null,
"trust": 0.8,
"vendor": "helmholz",
"version": null
},
{
"model": "myrex24 v2 virtual server",
"scope": null,
"trust": 0.8,
"vendor": "helmholz",
"version": null
},
{
"model": "rex 100",
"scope": null,
"trust": 0.8,
"vendor": "helmholz",
"version": null
},
{
"model": "rex 200",
"scope": null,
"trust": 0.8,
"vendor": "helmholz",
"version": null
},
{
"model": "mbspider mdh 915",
"scope": null,
"trust": 0.8,
"vendor": "mb connect line",
"version": null
},
{
"model": "mbspider mdh 905",
"scope": null,
"trust": 0.8,
"vendor": "mb connect line",
"version": null
},
{
"model": "mbnet hw1",
"scope": null,
"trust": 0.8,
"vendor": "mb connect line",
"version": null
},
{
"model": "mbspider mdh 906",
"scope": null,
"trust": 0.8,
"vendor": "mb connect line",
"version": null
},
{
"model": "mbspider mdh 916",
"scope": null,
"trust": 0.8,
"vendor": "mb connect line",
"version": null
},
{
"model": "rex 250",
"scope": null,
"trust": 0.8,
"vendor": "helmholz",
"version": null
},
{
"model": "mbnet.rokey",
"scope": null,
"trust": 0.8,
"vendor": "mb connect line",
"version": null
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2024-010550"
},
{
"db": "NVD",
"id": "CVE-2024-45273"
}
]
},
"cve": "CVE-2024-45273",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.8,
"id": "CVE-2024-45273",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "info@cert.vde.com",
"availabilityImpact": "HIGH",
"baseScore": 8.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.5,
"id": "CVE-2024-45273",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Local",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 7.8,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2024-45273",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "Low",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2024-45273",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "info@cert.vde.com",
"id": "CVE-2024-45273",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2024-45273",
"trust": 0.8,
"value": "High"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2024-010550"
},
{
"db": "NVD",
"id": "CVE-2024-45273"
},
{
"db": "NVD",
"id": "CVE-2024-45273"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "An unauthenticated local attacker can decrypt the devices config file and therefore compromise the device due to a weak implementation of the encryption used. MB CONNECT LINE of mbnet.mini Products from multiple vendors, such as firmware, have vulnerabilities related to encryption strength.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state",
"sources": [
{
"db": "NVD",
"id": "CVE-2024-45273"
},
{
"db": "JVNDB",
"id": "JVNDB-2024-010550"
}
],
"trust": 1.62
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2024-45273",
"trust": 2.6
},
{
"db": "CERT@VDE",
"id": "VDE-2024-056",
"trust": 1.8
},
{
"db": "CERT@VDE",
"id": "VDE-2024-068",
"trust": 1.8
},
{
"db": "CERT@VDE",
"id": "VDE-2024-069",
"trust": 1.8
},
{
"db": "CERT@VDE",
"id": "VDE-2024-066",
"trust": 1.8
},
{
"db": "JVNDB",
"id": "JVNDB-2024-010550",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2024-010550"
},
{
"db": "NVD",
"id": "CVE-2024-45273"
}
]
},
"id": "VAR-202410-0405",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VARIoT devices database",
"id": null
}
],
"trust": 0.5
},
"last_update_date": "2024-10-23T22:43:38.071000Z",
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-326",
"trust": 1.0
},
{
"problemtype": "CWE-261",
"trust": 1.0
},
{
"problemtype": "Use Weak Ciphers for Passwords (CWE-261) [ others ]",
"trust": 0.8
},
{
"problemtype": " Inappropriate cryptographic strength (CWE-326) [NVD evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2024-010550"
},
{
"db": "NVD",
"id": "CVE-2024-45273"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.8,
"url": "https://cert.vde.com/en/advisories/vde-2024-056"
},
{
"trust": 1.8,
"url": "https://cert.vde.com/en/advisories/vde-2024-066"
},
{
"trust": 1.8,
"url": "https://cert.vde.com/en/advisories/vde-2024-068"
},
{
"trust": 1.8,
"url": "https://cert.vde.com/en/advisories/vde-2024-069"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2024-45273"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2024-010550"
},
{
"db": "NVD",
"id": "CVE-2024-45273"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "JVNDB",
"id": "JVNDB-2024-010550"
},
{
"db": "NVD",
"id": "CVE-2024-45273"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2024-10-18T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2024-010550"
},
{
"date": "2024-10-15T11:15:11.940000",
"db": "NVD",
"id": "CVE-2024-45273"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2024-10-18T03:31:00",
"db": "JVNDB",
"id": "JVNDB-2024-010550"
},
{
"date": "2024-10-17T17:41:43.017000",
"db": "NVD",
"id": "CVE-2024-45273"
}
]
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "MB\u00a0CONNECT\u00a0LINE\u00a0 of \u00a0mbnet.mini\u00a0 Vulnerabilities related to cryptographic strength in products from multiple vendors such as firmware",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2024-010550"
}
],
"trust": 0.8
}
}
CVE-2023-34412 (GCVE-0-2023-34412)
Vulnerability from nvd – Published: 2023-08-17 13:07 – Updated: 2024-08-02 16:10
VLAI?
Title
Stored XXS vulnerability in mbnet, mbnet.rokey, REX 200 and REX 250
Summary
A vulnerability in Red Lion Europe mbNET/mbNET.rokey and Helmholz REX 200 and REX 250 devices with firmware lower 7.3.2 allows an
authenticated remote attacker with high privileges to inject malicious HTML or JavaScript code (XSS).
Severity ?
4.8 (Medium)
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Assigner
References
Impacted products
| Vendor | Product | Version | |||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Red Lion Europe | mbNET |
Affected:
0 , < 7.3.2
(semver)
|
|||||||||||||||||
|
|||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T16:10:06.979Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://cert.vde.com/en/advisories/VDE-2023-012/"
},
{
"tags": [
"x_transferred"
],
"url": "https://cert.vde.com/en/advisories/VDE-2023-029/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "mbNET",
"vendor": "Red Lion Europe",
"versions": [
{
"lessThan": "7.3.2",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "mbNET.rokey",
"vendor": "Red Lion Europe",
"versions": [
{
"lessThan": "7.3.2",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "REX 200",
"vendor": "Helmholz",
"versions": [
{
"lessThan": "7.3.2",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "REX 250",
"vendor": "Helmholz",
"versions": [
{
"lessThan": "7.3.2",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "A vulnerability in Red Lion Europe mbNET/mbNET.rokey and Helmholz REX 200 and REX 250 devices with firmware lower 7.3.2 allows an\nauthenticated remote attacker with high privileges to inject malicious HTML or JavaScript code (XSS)."
}
],
"value": "A vulnerability in Red Lion Europe mbNET/mbNET.rokey and Helmholz REX 200 and REX 250 devices with firmware lower 7.3.2 allows an\nauthenticated remote attacker with high privileges to inject malicious HTML or JavaScript code (XSS)."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-11-16T11:02:33.346Z",
"orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
"shortName": "CERTVDE"
},
"references": [
{
"url": "https://cert.vde.com/en/advisories/VDE-2023-012/"
},
{
"url": "https://cert.vde.com/en/advisories/VDE-2023-029/"
}
],
"source": {
"defect": [
"CERT@VDE#64536"
],
"discovery": "UNKNOWN"
},
"title": "Stored XXS vulnerability in mbnet, mbnet.rokey, REX 200 and REX 250",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
"assignerShortName": "CERTVDE",
"cveId": "CVE-2023-34412",
"datePublished": "2023-08-17T13:07:01.697Z",
"dateReserved": "2023-06-05T12:05:57.451Z",
"dateUpdated": "2024-08-02T16:10:06.979Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-34412 (GCVE-0-2023-34412)
Vulnerability from cvelistv5 – Published: 2023-08-17 13:07 – Updated: 2024-08-02 16:10
VLAI?
Title
Stored XXS vulnerability in mbnet, mbnet.rokey, REX 200 and REX 250
Summary
A vulnerability in Red Lion Europe mbNET/mbNET.rokey and Helmholz REX 200 and REX 250 devices with firmware lower 7.3.2 allows an
authenticated remote attacker with high privileges to inject malicious HTML or JavaScript code (XSS).
Severity ?
4.8 (Medium)
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Assigner
References
Impacted products
| Vendor | Product | Version | |||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Red Lion Europe | mbNET |
Affected:
0 , < 7.3.2
(semver)
|
|||||||||||||||||
|
|||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T16:10:06.979Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://cert.vde.com/en/advisories/VDE-2023-012/"
},
{
"tags": [
"x_transferred"
],
"url": "https://cert.vde.com/en/advisories/VDE-2023-029/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "mbNET",
"vendor": "Red Lion Europe",
"versions": [
{
"lessThan": "7.3.2",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "mbNET.rokey",
"vendor": "Red Lion Europe",
"versions": [
{
"lessThan": "7.3.2",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "REX 200",
"vendor": "Helmholz",
"versions": [
{
"lessThan": "7.3.2",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "REX 250",
"vendor": "Helmholz",
"versions": [
{
"lessThan": "7.3.2",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "A vulnerability in Red Lion Europe mbNET/mbNET.rokey and Helmholz REX 200 and REX 250 devices with firmware lower 7.3.2 allows an\nauthenticated remote attacker with high privileges to inject malicious HTML or JavaScript code (XSS)."
}
],
"value": "A vulnerability in Red Lion Europe mbNET/mbNET.rokey and Helmholz REX 200 and REX 250 devices with firmware lower 7.3.2 allows an\nauthenticated remote attacker with high privileges to inject malicious HTML or JavaScript code (XSS)."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-11-16T11:02:33.346Z",
"orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
"shortName": "CERTVDE"
},
"references": [
{
"url": "https://cert.vde.com/en/advisories/VDE-2023-012/"
},
{
"url": "https://cert.vde.com/en/advisories/VDE-2023-029/"
}
],
"source": {
"defect": [
"CERT@VDE#64536"
],
"discovery": "UNKNOWN"
},
"title": "Stored XXS vulnerability in mbnet, mbnet.rokey, REX 200 and REX 250",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
"assignerShortName": "CERTVDE",
"cveId": "CVE-2023-34412",
"datePublished": "2023-08-17T13:07:01.697Z",
"dateReserved": "2023-06-05T12:05:57.451Z",
"dateUpdated": "2024-08-02T16:10:06.979Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}