CVE-2024-45273
Severity CVSS v4.0:
Pending analysis
Type:
CWE-326
Inadequate Encryption Strength
Publication date:
15/10/2024
Last modified:
17/10/2024
Description
An unauthenticated local attacker can decrypt the devices config file and therefore compromise the device due to a weak implementation of the encryption used.
Impact
Base Score 3.x
7.80
Severity 3.x
HIGH
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:o:mbconnectline:mbnet.mini_firmware:*:*:*:*:*:*:*:* | 2.3.1 (excluding) | |
| cpe:2.3:h:mbconnectline:mbnet.mini:-:*:*:*:*:*:*:* | ||
| cpe:2.3:a:helmholz:myrex24_v2_virtual_server:*:*:*:*:*:*:*:* | 2.16.3 (excluding) | |
| cpe:2.3:o:helmholz:rex_300_firmware:*:*:*:*:*:*:*:* | 5.1.11 (including) | |
| cpe:2.3:h:helmholz:rex_300:-:*:*:*:*:*:*:* | ||
| cpe:2.3:o:helmholz:rex_200_firmware:*:*:*:*:*:*:*:* | 8.2.1 (excluding) | |
| cpe:2.3:h:helmholz:rex_200:-:*:*:*:*:*:*:* | ||
| cpe:2.3:o:helmholz:rex_250_firmware:*:*:*:*:*:*:*:* | 8.2.1 (excluding) | |
| cpe:2.3:h:helmholz:rex_250:-:*:*:*:*:*:*:* | ||
| cpe:2.3:o:helmholz:rex_100_firmware:*:*:*:*:*:*:*:* | 2.3.1 (excluding) | |
| cpe:2.3:h:helmholz:rex_100:-:*:*:*:*:*:*:* | ||
| cpe:2.3:a:mbconnectline:mbconnect24:*:*:*:*:*:*:*:* | 2.16.3 (excluding) | |
| cpe:2.3:a:mbconnectline:mymbconnect24:*:*:*:*:*:*:*:* | 2.16.3 (excluding) | |
| cpe:2.3:o:mbconnectline:mbspider_mdh_905_firmware:*:*:*:*:*:*:*:* | 2.6.5 (including) | |
| cpe:2.3:h:mbconnectline:mbspider_mdh_905:-:*:*:*:*:*:*:* |
To consult the complete list of CPE names with products and versions, see this page