CVE-2024-45273
15.10.2024, 11:15
An unauthenticated local attacker can decrypt the devices config file and therefore compromise the device due to a weak implementation of the encryption used.Enginsight
| Vendor | Product | Version |
|---|---|---|
| mb_connect_line | mbnet.mini | 𝑥 ≤ 2.2.13 |
| mbconnectline | mbnet_mbnet.rokey | 𝑥 ≤ 8.2.0 |
| mbconnectline | mbnet_hw1 | 𝑥 ≤ 5.1.11 |
| mbconnectline | mbspider | 𝑥 ≤ 2.6.5 |
| mbconnectline | mbconnect24 | 𝑥 ≤ 2.16.2 |
| mbconnectline | mymbconnect24 | 𝑥 ≤ 2.16.2 |
| helmholz | rex100 | 𝑥 ≤ 2.2.13 |
| helmholz | rex_200 | 𝑥 ≤ 8.2.0 |
| helmholz | rex250 | 𝑥 ≤ 8.2.0 |
| helmholz | myrex24_v2 | 𝑥 ≤ 2.16.2 |
| helmholz | myrex24.virtual | 𝑥 ≤ 2.16.2 |
| helmholz | rex300 | 𝑥 ≤ 5.1.11 |
| mbconnectline | mbnet.mini_firmware | 𝑥 < 2.3.1 |
| helmholz | myrex24_v2_virtual_server | 𝑥 < 2.16.3 |
| helmholz | rex_300_firmware | 𝑥 ≤ 5.1.11 |
| helmholz | rex_200_firmware | 𝑥 < 8.2.1 |
| helmholz | rex_250_firmware | 𝑥 < 8.2.1 |
| helmholz | rex_100_firmware | 𝑥 < 2.3.1 |
| mbconnectline | mbconnect24 | 𝑥 < 2.16.3 |
| mbconnectline | mymbconnect24 | 𝑥 < 2.16.3 |
| mbconnectline | mbspider_mdh_905_firmware | 𝑥 ≤ 2.6.5 |
| mbconnectline | mbspider_mdh_915_firmware | 𝑥 ≤ 2.6.5 |
| mbconnectline | mbspider_mdh_906_firmware | 𝑥 ≤ 2.6.5 |
| mbconnectline | mbspider_mdh_916_firmware | 𝑥 ≤ 2.6.5 |
| mbconnectline | mbnet_hw1_firmware | 𝑥 ≤ 5.1.11 |
| mbconnectline | mbnet_firmware | 𝑥 < 8.2.1 |
| mbconnectline | mbnet.rokey_firmware | 𝑥 < 8.2.1 |
𝑥
= Vulnerable software versions
Common Weakness Enumeration
- CWE-261 - Weak Encoding for PasswordObscuring a password with a trivial encoding does not protect the password.
- CWE-326 - Inadequate Encryption StrengthThe software stores or transmits sensitive data using an encryption scheme that is theoretically sound, but is not strong enough for the level of protection required.