ГлавнаяУязвимости → CVE-2024-45273
8.4высокая

CVE-2024-45273

Описание

An unauthenticated local attacker can decrypt the devices config file and therefore compromise the device due to a weak implementation of the encryption used.

Затрагиваемое ПО
Mbconnectline Mbnet.mini firmwareMbconnectline Mbnet.miniHelmholz Myrex24 v2 virtual serverHelmholz Rex 300 firmwareHelmholz Rex 300Helmholz Rex 200 firmwareHelmholz Rex 200Helmholz Rex 250 firmwareHelmholz Rex 250Helmholz Rex 100 firmwareHelmholz Rex 100Mbconnectline Mbconnect24Mbconnectline Mymbconnect24Mbconnectline Mbspider mdh 905 firmwareMbconnectline Mbspider mdh 905Mbconnectline Mbspider mdh 915 firmwareMbconnectline Mbspider mdh 915Mbconnectline Mbspider mdh 906 firmwareMbconnectline Mbspider mdh 906Mbconnectline Mbspider mdh 916 firmwareMbconnectline Mbspider mdh 916Mbconnectline Mbnet hw1 firmwareMbconnectline Mbnet hw1Mbconnectline Mbnet firmwareMbconnectline Mbnet
CVSS
Балл8.4 — высокая
ВекторCVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Источники
https://cert.vde.com/en/advisories/VDE-2024-056https://cert.vde.com/en/advisories/VDE-2024-066https://cert.vde.com/en/advisories/VDE-2024-068https://cert.vde.com/en/advisories/VDE-2024-069https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2024-062.txt