Vulnerabilities > Helmholz

DATE CVE VULNERABILITY TITLE RISK
2024-10-15 CVE-2024-45271 An unauthenticated local attacker can gain admin privileges by deploying a config file due to improper input validation.
local
low complexity
mbconnectline helmholz
7.8
7.8
2024-10-15 CVE-2024-45273 Inadequate Encryption Strength vulnerability in multiple products
An unauthenticated local attacker can decrypt the devices config file and therefore compromise the device due to a weak implementation of the encryption used.
local
low complexity
mbconnectline helmholz CWE-326
7.8
7.8
2024-10-15 CVE-2024-45275 The devices contain two hard coded user accounts with hardcoded passwords that allow an unauthenticated remote attacker for full control of the affected devices.
network
low complexity
mbconnectline helmholz
critical
 9.8
9.8
2021-02-16 CVE-2020-35570 Forced Browsing vulnerability in multiple products
An issue was discovered in MB connect line mymbCONNECT24, mbCONNECT24 and Helmholz myREX24 and myREX24.virtual through 2.11.2.
network
low complexity
mbconnectline helmholz CWE-425
5.3
5.3
2021-02-16 CVE-2020-35568 Information Exposure vulnerability in multiple products
An issue was discovered in MB connect line mymbCONNECT24, mbCONNECT24 and Helmholz myREX24 and myREX24.virtual in all versions through v2.11.2.
network
low complexity
mbconnectline helmholz CWE-200
4.3
4.3
2021-02-16 CVE-2020-35566 Use of Incorrectly-Resolved Name or Reference vulnerability in multiple products
An issue was discovered in MB connect line mymbCONNECT24, mbCONNECT24 and Helmholz myREX24 and myREX24.virtual in all versions through v2.11.2.
network
low complexity
mbconnectline helmholz CWE-706
5.3
5.3
2021-02-16 CVE-2020-35561 Server-Side Request Forgery (SSRF) vulnerability in multiple products
An issue was discovered MB connect line mymbCONNECT24, mbCONNECT24 and Helmholz myREX24 and myREX24.virtual in all versions through v2.11.2.
network
low complexity
mbconnectline helmholz CWE-918
5.3
5.3
2021-02-16 CVE-2020-35558 Server-Side Request Forgery (SSRF) vulnerability in multiple products
An issue was discovered in MB connect line mymbCONNECT24, mbCONNECT24 and Helmholz myREX24 and myREX24.virtual through 2.11.2.
network
low complexity
mbconnectline helmholz CWE-918
7.5
7.5
2021-02-16 CVE-2020-35557 Improper Privilege Management vulnerability in multiple products
An issue in MB connect line mymbCONNECT24, mbCONNECT24 and Helmholz myREX24 and myREX24.virtual in all versions through v2.11.2 allows a logged in user to see devices in the account he should not have access to due to improper use of access validation.
network
low complexity
mbconnectline helmholz CWE-269
6.5
6.5