Vulnerability Description
The devices contain two hard coded user accounts with hardcoded passwords that allow an unauthenticated remote attacker for full control of the affected devices.
CVSS Score
CRITICAL
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Mbconnectline | Mbnet.Mini Firmware | < 2.3.1 |
| Mbconnectline | Mbnet.Mini | - |
| Helmholz | Rex 100 Firmware | < 2.3.1 |
| Helmholz | Rex 100 | - |
Related Weaknesses (CWE)
References
- https://cert.vde.com/en/advisories/VDE-2024-056Third Party Advisory
- https://cert.vde.com/en/advisories/VDE-2024-066Third Party Advisory
- https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2024-064.t
FAQ
What is CVE-2024-45275?
CVE-2024-45275 is a vulnerability with a CVSS score of 9.8 (CRITICAL). The devices contain two hard coded user accounts with hardcoded passwords that allow an unauthenticated remote attacker for full control of the affected devices.
How severe is CVE-2024-45275?
CVE-2024-45275 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.
Is there a patch for CVE-2024-45275?
Check the references section above for vendor advisories and patch information. Affected products include: Mbconnectline Mbnet.Mini Firmware, Mbconnectline Mbnet.Mini, Helmholz Rex 100 Firmware, Helmholz Rex 100.