CRITICAL🇵🇱 Wersja polska

CVE-2024-45275

CVSS 9.8v3.1pub. 2024-10-15upd. 2024-11-21

The devices contain two hard coded user accounts with hardcoded passwords that allow an unauthenticated remote attacker for full control of the affected devices.

CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • Helmholz Rex 100

    HW
    Helmholz
    wszystkie wersje
  • Helmholz Rex 100 Firmware

    OS
    Helmholz
    < 2.3.1
  • Mbconnectline Mbnet.mini

    HW
    Mbconnectline
    wszystkie wersje
  • Mbconnectline Mbnet.mini Firmware

    OS
    Mbconnectline
    < 2.3.1
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
CWE
References

Related vulnerabilities

CVE-2024-45274CRITICAL9.8PL ✓ten sam produkt

Zdalne wykonanie poleceń OS bez uwierzytelnienia via UDP w urządzeniach Mbconnectline i Helmholz

CVE-2025-41675HIGH7.2ten sam produkt

A high privileged remote attacker can execute arbitrary system commands via GET requests in the cloud server c...

CVE-2025-41674HIGH7.2ten sam produkt

A high privileged remote attacker can execute arbitrary system commands via POST requests in the diagnostic ac...

CVE-2025-41673HIGH7.2ten sam produkt

A high privileged remote attacker can execute arbitrary system commands via POST requests in the send_sms acti...

CVE-2024-45276HIGH7.5ten sam produkt

An unauthenticated remote attacker can get read access to files in the "/tmp" directory due to missing authent...