
mbCONNECT24 EUVD-2026-32144

CVE-2026-40845 HIGH
SQL Injection (CWE-89)
2026-05-27 info@cert.vde.com GHSA-7vvv-3cgf-gm8f
7.1
CVSS 4.0

CVSS Vector (NVD)

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
X

Lifecycle Timeline

1
Analysis Generated
May 27, 2026 - 20:25 vuln.today

Description (NVD)

A low-privileged remote attacker can exploit an unauthenticated SQL Injection vulnerability in the devices_configuration view due to improper neutralization of special elements in a SQL SELECT command. This can result in a total loss of confidentiality.

Analysis (AI)

SQL injection in the devices_configuration view of MB connect line / Red Lion mbCONNECT24 and myREX24V2 remote-maintenance platforms (versions up to and including 2.20.0) lets a low-privileged remote user read arbitrary database contents. The CVSS 4.0 vector scores it 7.1 with high confidentiality impact and no integrity or availability impact, while EPSS rates exploitation probability at only 0.03% (11th percentile). …
