An unauthenticated local attacker can decrypt the devices config file and therefore compromise the device due to a weak implementation of the encryption used.
CVSS Vector
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HHelmholz Myrex24 V2 Virtual Server
APPHelmholz< 2.16.3Helmholz Rex 100
HWHelmholzwszystkie wersjeHelmholz Rex 100 Firmware
OSHelmholz< 2.3.1Helmholz Rex 200
HWHelmholzwszystkie wersjeHelmholz Rex 200 Firmware
OSHelmholz< 8.2.1Helmholz Rex 250
HWHelmholzwszystkie wersjeHelmholz Rex 250 Firmware
OSHelmholz< 8.2.1Helmholz Rex 300
HWHelmholzwszystkie wersjeHelmholz Rex 300 Firmware
OSHelmholz≤ 5.1.11Mbconnectline Mbconnect24
APPMbconnectline< 2.16.3Mbconnectline Mbnet
HWMbconnectlinewszystkie wersjeMbconnectline Mbnet Firmware
OSMbconnectline< 8.2.1Mbconnectline Mbnet Hw1
HWMbconnectlinewszystkie wersjeMbconnectline Mbnet Hw1 Firmware
OSMbconnectline≤ 5.1.11Mbconnectline Mbnet.mini
HWMbconnectlinewszystkie wersjeMbconnectline Mbnet.mini Firmware
OSMbconnectline< 2.3.1Mbconnectline Mbnet.rokey
HWMbconnectlinewszystkie wersjeMbconnectline Mbnet.rokey Firmware
OSMbconnectline< 8.2.1Mbconnectline Mbspider Mdh 905
HWMbconnectlinewszystkie wersjeMbconnectline Mbspider Mdh 905 Firmware
OSMbconnectline≤ 2.6.5Mbconnectline Mbspider Mdh 906
HWMbconnectlinewszystkie wersjeMbconnectline Mbspider Mdh 906 Firmware
OSMbconnectline≤ 2.6.5Mbconnectline Mbspider Mdh 915
HWMbconnectlinewszystkie wersjeMbconnectline Mbspider Mdh 915 Firmware
OSMbconnectline≤ 2.6.5Mbconnectline Mbspider Mdh 916
HWMbconnectlinewszystkie wersjeMbconnectline Mbspider Mdh 916 Firmware
OSMbconnectline≤ 2.6.5Mbconnectline Mymbconnect24
APPMbconnectline< 2.16.3
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
Related vulnerabilities
CVE-2026-33615CRITICAL9.1PL ✓ten sam produkt
SQL Injection w endpoincie setinfo produktów Mbconnectline
CVE-2024-45274CRITICAL9.8PL ✓ten sam produkt
Zdalne wykonanie poleceń OS bez uwierzytelnienia via UDP w urządzeniach Mbconnectline i Helmholz
CVE-2024-45275CRITICAL9.8PL ✓ten sam produkt
Zakodowane na stałe dane logowe w urządzeniach Mbconnectline i Helmholz
CVE-2020-35565CRITICAL9.8ten sam produkt
An issue was discovered in MB CONNECT LINE mymbCONNECT24 and mbCONNECT24 through 2.6.2. The login pages brutef...
CVE-2020-10383CRITICAL9.8ten sam produkt
An issue was discovered in the MB CONNECT LINE mymbCONNECT24 and mbCONNECT24 software in all versions through ...