Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2024-45273

An unauthenticated local attacker can decrypt the devices config file and therefore compromise the device due to a weak implementation of the encryption used.

Published

2024-10-15T11:15:11.940

Last Modified

2024-11-21T09:37:35.450

Status

Undergoing Analysis

Source

[email protected]

Severity

CVSSv3.1: 8.4 (HIGH)

Weaknesses
  • Type: Secondary
    CWE-261
  • Type: Primary
    CWE-326
Affected Vendors & Products
Type Vendor Product Version/Range Vulnerable?
Operating System mbconnectline mbnet.mini_firmware < 2.3.1 Yes
Hardware mbconnectline mbnet.mini - No
Application helmholz myrex24_v2_virtual_server < 2.16.3 Yes
Operating System helmholz rex_300_firmware ≤ 5.1.11 Yes
Hardware helmholz rex_300 - No
Operating System helmholz rex_200_firmware < 8.2.1 Yes
Hardware helmholz rex_200 - No
Operating System helmholz rex_250_firmware < 8.2.1 Yes
Hardware helmholz rex_250 - No
Operating System helmholz rex_100_firmware < 2.3.1 Yes
Hardware helmholz rex_100 - No
Application mbconnectline mbconnect24 < 2.16.3 Yes
Application mbconnectline mymbconnect24 < 2.16.3 Yes
Operating System mbconnectline mbspider_mdh_905_firmware ≤ 2.6.5 Yes
Hardware mbconnectline mbspider_mdh_905 - No
Operating System mbconnectline mbspider_mdh_915_firmware ≤ 2.6.5 Yes
Hardware mbconnectline mbspider_mdh_915 - No
Operating System mbconnectline mbspider_mdh_906_firmware ≤ 2.6.5 Yes
Hardware mbconnectline mbspider_mdh_906 - No
Operating System mbconnectline mbspider_mdh_916_firmware ≤ 2.6.5 Yes
Hardware mbconnectline mbspider_mdh_916 - No
Operating System mbconnectline mbnet_hw1_firmware ≤ 5.1.11 Yes
Hardware mbconnectline mbnet_hw1 - No
Operating System mbconnectline mbnet_firmware < 8.2.1 Yes
Hardware mbconnectline mbnet - No
Operating System mbconnectline mbnet.rokey_firmware < 8.2.1 Yes
Hardware mbconnectline mbnet.rokey - No
References