Mbnet Mini Firmware
CVE-2024-45273
HIGH
Severity by source
AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Lifecycle Timeline
1DescriptionNVD
An unauthenticated local attacker can decrypt the devices config file and therefore compromise the device due to a weak implementation of the encryption used.
AnalysisAI
An unauthenticated local attacker can decrypt the devices config file and therefore compromise the device due to a weak implementation of the encryption used. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.
Technical ContextAI
This vulnerability is classified under CWE-261. An unauthenticated local attacker can decrypt the devices config file and therefore compromise the device due to a weak implementation of the encryption used. Affected products include: Mbconnectline Mbnet.Mini Firmware, Helmholz Myrex24 V2 Virtual Server, Helmholz Rex 300 Firmware, Helmholz Rex 200 Firmware, Helmholz Rex 250 Firmware.
RemediationAI
No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.
More in Mbnet Mini Firmware
View allThe devices contain two hard coded user accounts with hardcoded passwords that allow an unauthenticated remote attacker
An unauthenticated remote attacker can execute OS commands via UDP on the device due to missing authentication. Rated cr
An unauthenticated local attacker can gain admin privileges by deploying a config file due to improper input validation.
An unauthenticated remote attacker can get read access to files in the "/tmp" directory due to missing authentication. R
Same weakness CWE-261 – Weak Encoding for Password
View allSame technique Information Disclosure
View allShare
External POC / Exploit Code
Leaving vuln.today