Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Rex_100_firmware
(Helmholz)| Repositories |
Unknown: This might be proprietary software. |
| #Vulnerabilities | 5 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2024-10-15 | CVE-2024-45271 | An unauthenticated local attacker can gain admin privileges by deploying a config file due to improper input validation. | Rex_100_firmware, Mbnet\.mini_firmware | 7.8 | ||
| 2024-10-15 | CVE-2024-45273 | An unauthenticated local attacker can decrypt the devices config file and therefore compromise the device due to a weak implementation of the encryption used. | Myrex24_v2_virtual_server, Rex_100_firmware, Rex_200_firmware, Rex_250_firmware, Rex_300_firmware, Mbconnect24, Mbnet\.mini_firmware, Mbnet\.rokey_firmware, Mbnet_firmware, Mbnet_hw1_firmware, Mbspider_mdh_905_firmware, Mbspider_mdh_906_firmware, Mbspider_mdh_915_firmware, Mbspider_mdh_916_firmware, Mymbconnect24 | 7.8 | ||
| 2024-10-15 | CVE-2024-45274 | An unauthenticated remote attacker can execute OS commands via UDP on the device due to missing authentication. | Rex_100_firmware, Mbnet\.mini_firmware | N/A | ||
| 2024-10-15 | CVE-2024-45275 | The devices contain two hard coded user accounts with hardcoded passwords that allow an unauthenticated remote attacker for full control of the affected devices. | Rex_100_firmware, Mbnet\.mini_firmware | 9.8 | ||
| 2024-10-15 | CVE-2024-45276 | An unauthenticated remote attacker can get read access to files in the "/tmp" directory due to missing authentication. | Rex_100_firmware, Mbnet\.mini_firmware | N/A |