CVE-2024-45273

An unauthenticated local attacker can decrypt the devices config file and therefore compromise the device due to a weak implementation of the encryption used.

CVSS v3 7.8 HIGH

7.8^/10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 1.8 / Impact : 5.9

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://cert.vde.com/en/advisories/VDE-2024-056	Third Party Advisory
https://cert.vde.com/en/advisories/VDE-2024-066	Third Party Advisory
https://cert.vde.com/en/advisories/VDE-2024-068	Third Party Advisory
https://cert.vde.com/en/advisories/VDE-2024-069	Third Party Advisory

Configurations

Configuration 1 (hide)

AND

cpe:2.3:o:mbconnectline:mbnet.mini_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:mbconnectline:mbnet.mini:-:*:*:*:*:*:*:*

Configuration 2 (hide)

cpe:2.3:a:helmholz:myrex24_v2_virtual_server:*:*:*:*:*:*:*:*

Configuration 3 (hide)

AND

cpe:2.3:o:helmholz:rex_300_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:helmholz:rex_300:-:*:*:*:*:*:*:*

Configuration 4 (hide)

AND

cpe:2.3:o:helmholz:rex_200_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:helmholz:rex_200:-:*:*:*:*:*:*:*

Configuration 5 (hide)

AND

cpe:2.3:o:helmholz:rex_250_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:helmholz:rex_250:-:*:*:*:*:*:*:*

Configuration 6 (hide)

AND

cpe:2.3:o:helmholz:rex_100_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:helmholz:rex_100:-:*:*:*:*:*:*:*

Configuration 7 (hide)

OR	cpe:2.3:a:mbconnectline:mbconnect24::::::::
	cpe:2.3:a:mbconnectline:mymbconnect24::::::::

Configuration 8 (hide)

AND

cpe:2.3:o:mbconnectline:mbspider_mdh_905_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:mbconnectline:mbspider_mdh_905:-:*:*:*:*:*:*:*

Configuration 9 (hide)

AND

cpe:2.3:o:mbconnectline:mbspider_mdh_915_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:mbconnectline:mbspider_mdh_915:-:*:*:*:*:*:*:*

Configuration 10 (hide)

AND

cpe:2.3:o:mbconnectline:mbspider_mdh_906_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:mbconnectline:mbspider_mdh_906:-:*:*:*:*:*:*:*

Configuration 11 (hide)

AND

cpe:2.3:o:mbconnectline:mbspider_mdh_916_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:mbconnectline:mbspider_mdh_916:-:*:*:*:*:*:*:*

Configuration 12 (hide)

AND

cpe:2.3:o:mbconnectline:mbnet_hw1_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:mbconnectline:mbnet_hw1:-:*:*:*:*:*:*:*

Configuration 13 (hide)

AND

cpe:2.3:o:mbconnectline:mbnet_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:mbconnectline:mbnet:-:*:*:*:*:*:*:*

Configuration 14 (hide)

AND

cpe:2.3:o:mbconnectline:mbnet.rokey_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:mbconnectline:mbnet.rokey:-:*:*:*:*:*:*:*

History

17 Oct 2024, 17:41

Type	Values Removed	Values Added
First Time		Mbconnectline mbspider Mdh 906 Firmware Mbconnectline Mbconnectline mbnet Mbconnectline mbspider Mdh 905 Firmware Helmholz rex 200 Helmholz Mbconnectline mbspider Mdh 916 Firmware Mbconnectline mbspider Mdh 905 Helmholz rex 300 Firmware Mbconnectline mymbconnect24 Helmholz rex 300 Helmholz rex 100 Firmware Helmholz rex 250 Mbconnectline mbnet Hw1 Firmware Mbconnectline mbspider Mdh 906 Mbconnectline mbnet.mini Firmware Helmholz rex 200 Firmware Mbconnectline mbnet.rokey Mbconnectline mbnet Firmware Mbconnectline mbnet.rokey Firmware Helmholz rex 250 Firmware Helmholz rex 100 Helmholz myrex24 V2 Virtual Server Mbconnectline mbnet Hw1 Mbconnectline mbconnect24 Mbconnectline mbspider Mdh 915 Firmware Mbconnectline mbnet.mini Mbconnectline mbspider Mdh 915 Mbconnectline mbspider Mdh 916
CPE		cpe:2.3:o:mbconnectline:mbnet.mini_firmware:::::::: cpe:2.3:h:mbconnectline:mbnet.rokey:-:::::::* cpe:2.3:o:mbconnectline:mbspider_mdh_906_firmware:::::::: cpe:2.3:a:mbconnectline:mymbconnect24:::::::: cpe:2.3:a:helmholz:myrex24_v2_virtual_server:::::::: cpe:2.3:h:mbconnectline:mbnet_hw1:-:::::::* cpe:2.3:a:mbconnectline:mbconnect24:::::::: cpe:2.3:o:mbconnectline:mbspider_mdh_915_firmware:::::::: cpe:2.3:h:mbconnectline:mbspider_mdh_915:-:::::::* cpe:2.3:o:helmholz:rex_250_firmware:::::::: cpe:2.3:o:mbconnectline:mbnet_firmware:::::::: cpe:2.3:h:mbconnectline:mbspider_mdh_916:-:::::::* cpe:2.3:h:helmholz:rex_200:-:::::::* cpe:2.3:h:mbconnectline:mbspider_mdh_906:-:::::::* cpe:2.3:h:mbconnectline:mbspider_mdh_905:-:::::::* cpe:2.3:o:mbconnectline:mbspider_mdh_916_firmware:::::::: cpe:2.3:o:helmholz:rex_200_firmware:::::::: cpe:2.3:o:helmholz:rex_300_firmware:::::::: cpe:2.3:h:helmholz:rex_250:-:::::::* cpe:2.3:h:helmholz:rex_100:-:::::::* cpe:2.3:h:mbconnectline:mbnet:-:::::::* cpe:2.3:o:mbconnectline:mbspider_mdh_905_firmware:::::::: cpe:2.3:o:mbconnectline:mbnet_hw1_firmware:::::::: cpe:2.3:o:helmholz:rex_100_firmware:::::::: cpe:2.3:h:mbconnectline:mbnet.mini:-:::::::* cpe:2.3:o:mbconnectline:mbnet.rokey_firmware:::::::: cpe:2.3:h:helmholz:rex_300:-:::::::*
References	~~() https://cert.vde.com/en/advisories/VDE-2024-056 -~~	() https://cert.vde.com/en/advisories/VDE-2024-056 - Third Party Advisory
References	~~() https://cert.vde.com/en/advisories/VDE-2024-066 -~~	() https://cert.vde.com/en/advisories/VDE-2024-066 - Third Party Advisory
References	~~() https://cert.vde.com/en/advisories/VDE-2024-068 -~~	() https://cert.vde.com/en/advisories/VDE-2024-068 - Third Party Advisory
References	~~() https://cert.vde.com/en/advisories/VDE-2024-069 -~~	() https://cert.vde.com/en/advisories/VDE-2024-069 - Third Party Advisory
CVSS	v2 : ~~unknown~~ v3 : ~~8.4~~	v2 : unknown v3 : 7.8
CWE		CWE-326

15 Oct 2024, 12:57

Type	Values Removed	Values Added
Summary		(es) Un atacante local no autenticado puede descifrar el archivo de configuración del dispositivo y, por lo tanto, comprometer el dispositivo debido a una implementación débil del cifrado utilizado.

15 Oct 2024, 11:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2024-10-15 11:15

Updated : 2024-10-17 17:41

NVD link : CVE-2024-45273

Mitre link : CVE-2024-45273

CVE.ORG link : CVE-2024-45273

JSON object : View

Products Affected

mbconnectline

mbspider_mdh_905
mbnet_hw1
mbconnect24
mbspider_mdh_915
mbnet_firmware
mymbconnect24
mbnet
mbspider_mdh_915_firmware
mbnet.mini_firmware
mbnet.rokey_firmware
mbnet.mini
mbspider_mdh_906_firmware
mbspider_mdh_916_firmware
mbspider_mdh_916
mbnet.rokey
mbnet_hw1_firmware
mbspider_mdh_906
mbspider_mdh_905_firmware

helmholz

rex_100_firmware
rex_200_firmware
rex_100
rex_250_firmware
myrex24_v2_virtual_server
rex_300
rex_250
rex_200
rex_300_firmware

CWE

CWE-326

Inadequate Encryption Strength

CWE-261

Weak Encoding for Password

7.8 /10