CVE-2024-45273

moderate-risk

Published 2024-10-15

An unauthenticated local attacker can decrypt the devices config file and therefore compromise the device due to a weak implementation of the encryption used.

Do I need to act?

0.09% chance of exploitation

EPSS score — low exploit probability

Not on CISA KEV list

No confirmed active exploitation reported to CISA

Patch status unknown

Check vendor advisories for fix availability and mitigation guidance

CVSS 8.4/10 High

LOCAL / LOW complexity

Affected Products (15)

Mbnet.Mini Firmware

Myrex24 V2 Virtual Server

Rex 300 Firmware

Rex 200 Firmware

Rex 250 Firmware

Rex 100 Firmware

Mbconnect24

Mymbconnect24

Mbspider Mdh 905 Firmware

Mbspider Mdh 915 Firmware

Mbspider Mdh 906 Firmware

Mbspider Mdh 916 Firmware

Mbnet Hw1 Firmware

Mbnet Firmware

Mbnet.Rokey Firmware

Affected Vendors

Mbconnectline Helmholz

References (5)

Third Party Advisory https://cert.vde.com/en/advisories/VDE-2024-056

Third Party Advisory https://cert.vde.com/en/advisories/VDE-2024-066

Third Party Advisory https://cert.vde.com/en/advisories/VDE-2024-068

Third Party Advisory https://cert.vde.com/en/advisories/VDE-2024-069

https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2024-062.t...

/ 100

moderate-risk

Severity 26/34 · High

Exploitability 0/34 · Minimal

Exposure 18/34 · Moderate