Mbnet Mini Firmware
CVE-2024-45274
CRITICAL
Severity by source
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Primary rating from Vendor (cert) · only source for this CVE.
CVSS VectorVendor: cert
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Lifecycle Timeline
1DescriptionCVE.org
An unauthenticated remote attacker can execute OS commands via UDP on the device due to missing authentication.
AnalysisAI
An unauthenticated remote attacker can execute OS commands via UDP on the device due to missing authentication. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Technical ContextAI
This vulnerability is classified as Missing Authentication for Critical Function (CWE-306), which allows attackers to access critical functionality without authentication. An unauthenticated remote attacker can execute OS commands via UDP on the device due to missing authentication. Affected products include: Mbconnectline Mbnet.Mini Firmware, Helmholz Rex 100 Firmware.
RemediationAI
No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Require authentication for all sensitive operations, implement defense in depth.
More in Mbnet Mini Firmware
View allThe devices contain two hard coded user accounts with hardcoded passwords that allow an unauthenticated remote attacker
An unauthenticated local attacker can decrypt the devices config file and therefore compromise the device due to a weak
An unauthenticated local attacker can gain admin privileges by deploying a config file due to improper input validation.
An unauthenticated remote attacker can get read access to files in the "/tmp" directory due to missing authentication. R
Same technique Authentication Bypass
View allShare
External POC / Exploit Code
Leaving vuln.today