|
2023-08-17
|
CVE-2023-34412
|
A vulnerability in Red Lion Europe mbNET/mbNET.rokey and Helmholz REX 200 and REX 250 devices with firmware lower 7.3.2 allows an
authenticated remote attacker with high privileges to inject malicious HTML or JavaScript code (XSS).
|
Rex_200_firmware, Rex_250_firmware, Mbnet\.rokey_rkh_210_firmware, Mbnet\.rokey_rkh_216_firmware, Mbnet\.rokey_rkh_235_firmware, Mbnet\.rokey_rkh_259_firmware, Mbnet_mdh_811_firmware, Mbnet_mdh_816_firmware, Mbnet_mdh_831_firmware, Mbnet_mdh_835_firmware, Mbnet_mdh_841_firmware, Mbnet_mdh_850_firmware, Mbnet_mdh_855_firmware, Mbnet_mdh_858_firmware, Mbnet_mdh_859_firmware, Mbnet_mdh_871_firmware, Mbnet_mdh_876_firmware
|
N/A
|
|
|
|
2024-10-15
|
CVE-2024-45272
|
An unauthenticated remote attacker can perform a brute-force attack on the credentials of the remote service portal with a high chance of success, resulting in connection lost.
|
Myrex24_v2_virtual_server, Rex_200_firmware, Rex_250_firmware, Rex_300_firmware, Mbconnect24, Mbnet\.rokey_firmware, Mbnet_firmware, Mbnet_hw1_firmware, Mbspider_mdh_905_firmware, Mbspider_mdh_906_firmware, Mbspider_mdh_915_firmware, Mbspider_mdh_916_firmware, Mymbconnect24
|
N/A
|
|
|
|
2024-10-15
|
CVE-2024-45273
|
An unauthenticated local attacker can decrypt the devices config file and therefore compromise the device due to a weak implementation of the encryption used.
|
Myrex24_v2_virtual_server, Rex_100_firmware, Rex_200_firmware, Rex_250_firmware, Rex_300_firmware, Mbconnect24, Mbnet\.mini_firmware, Mbnet\.rokey_firmware, Mbnet_firmware, Mbnet_hw1_firmware, Mbspider_mdh_905_firmware, Mbspider_mdh_906_firmware, Mbspider_mdh_915_firmware, Mbspider_mdh_916_firmware, Mymbconnect24
|
7.8
|
|
|