CVE-2024-45273 — HIGH (8.4)

Q: What is CVE-2024-45273?

CVE-2024-45273 is a vulnerability with a CVSS score of 8.4 (HIGH). An unauthenticated local attacker can decrypt the devices config file and therefore compromise the device due to a weak implementation of the encryption used.

Q: How severe is CVE-2024-45273?

CVE-2024-45273 has been rated HIGH with a CVSS base score of 8.4/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2024-45273?

Check the references section above for vendor advisories and patch information. Affected products include: Mbconnectline Mbnet.Mini Firmware, Mbconnectline Mbnet.Mini, Helmholz Myrex24 V2 Virtual Server, Helmholz Rex 300 Firmware, Helmholz Rex 300.

Vulnerability Description

An unauthenticated local attacker can decrypt the devices config file and therefore compromise the device due to a weak implementation of the encryption used.

CVSS Score

8.4

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

HIGH

Availability

HIGH

Affected Products

Vendor	Product	Versions
Mbconnectline	Mbnet.Mini Firmware	< 2.3.1
Mbconnectline	Mbnet.Mini	-
Helmholz	Myrex24 V2 Virtual Server	< 2.16.3
Helmholz	Rex 300 Firmware	<= 5.1.11
Helmholz	Rex 300	-
Helmholz	Rex 200 Firmware	< 8.2.1
Helmholz	Rex 200	-
Helmholz	Rex 250 Firmware	< 8.2.1
Helmholz	Rex 250	-
Helmholz	Rex 100 Firmware	< 2.3.1
Helmholz	Rex 100	-
Mbconnectline	Mbconnect24	< 2.16.3
Mbconnectline	Mymbconnect24	< 2.16.3
Mbconnectline	Mbspider Mdh 905 Firmware	<= 2.6.5
Mbconnectline	Mbspider Mdh 905	-
Mbconnectline	Mbspider Mdh 915 Firmware	<= 2.6.5
Mbconnectline	Mbspider Mdh 915	-
Mbconnectline	Mbspider Mdh 906 Firmware	<= 2.6.5
Mbconnectline	Mbspider Mdh 906	-
Mbconnectline	Mbspider Mdh 916 Firmware	<= 2.6.5

Related Weaknesses (CWE)

CWE-326 CWE-261

References

https://cert.vde.com/en/advisories/VDE-2024-056Third Party Advisory
https://cert.vde.com/en/advisories/VDE-2024-066Third Party Advisory
https://cert.vde.com/en/advisories/VDE-2024-068Third Party Advisory
https://cert.vde.com/en/advisories/VDE-2024-069Third Party Advisory
https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2024-062.t

FAQ

What is CVE-2024-45273?

CVE-2024-45273 is a vulnerability with a CVSS score of 8.4 (HIGH). An unauthenticated local attacker can decrypt the devices config file and therefore compromise the device due to a weak implementation of the encryption used.

How severe is CVE-2024-45273?

CVE-2024-45273 has been rated HIGH with a CVSS base score of 8.4/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2024-45273?

Check the references section above for vendor advisories and patch information. Affected products include: Mbconnectline Mbnet.Mini Firmware, Mbconnectline Mbnet.Mini, Helmholz Myrex24 V2 Virtual Server, Helmholz Rex 300 Firmware, Helmholz Rex 300.