Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
mbconnectline mbconnect24 vulnerabilities and exploits
(subscribe to this query)
383
VMScore
CVE-2020-24570
An issue exists in MB CONNECT LINE mymbCONNECT24 and mbCONNECT24 up to and including 2.6.1. There is a CSRF issue (with resultant SSRF) in the com_mb24proxy module, allowing malicious users to steal session information from logged-in users with a crafted link.
Mbconnectline Mbconnect24
Mbconnectline Mymbconnect24
NA
CVE-2023-4834
In Red Lion Europe mbCONNECT24 and mymbCONNECT24 and Helmholz myREX24 and myREX24.virtual up to and including 2.14.2 an improperly implemented access validation allows an authenticated, low privileged malicious user to gain read access to limited, non-critical device information ...
Helmholz Myrex24
Helmholz Myrex24.virtual
Mbconnectline Mbconnect24
Mbconnectline Mymbconnect24
NA
CVE-2022-22520
A remote, unauthenticated attacker can enumerate valid users by sending specific requests to the webservice of MB connect line mymbCONNECT24, mbCONNECT24 and Helmholz myREX24 and myREX24.virtual in all versions through v2.11.2.
Mbconnectline Mbconnect24
Mbconnectline Mymbconnect24
Helmholz Myrex24.virtual
Helmholz Myrex24
356
VMScore
CVE-2021-34574
In MB connect line mymbCONNECT24, mbCONNECT24 and Helmholz myREX24 and myREX24.virtual in all versions through v2.11.2 an authenticated attacker can change the password of his account into a new password that violates the password policy by intercepting and modifying the request ...
Mbconnectline Mbconnect24
Mbconnectline Mymbconnect24
Helmholz Myrex24.virtual
Helmholz Myrex24
605
VMScore
CVE-2020-12527
An issue exists in MB connect line mymbCONNECT24, mbCONNECT24 and Helmholz myREX24 and myREX24.virtual in all versions through v2.11.2. Improper access validation allows a logged in user to shutdown or reboot devices in his account without having corresponding permissions.
Mbconnectline Mbconnect24
Mbconnectline Mymbconnect24
Helmholz Myrex24.virtual
Helmholz Myrex24
356
VMScore
CVE-2020-35557
An issue in MB connect line mymbCONNECT24, mbCONNECT24 and Helmholz myREX24 and myREX24.virtual in all versions through v2.11.2 allows a logged in user to see devices in the account he should not have access to due to improper use of access validation.
Mbconnectline Mbconnect24
Mbconnectline Mymbconnect24
Helmholz Myrex24.virtual
Helmholz Myrex24
445
VMScore
CVE-2020-35558
An issue exists in MB connect line mymbCONNECT24, mbCONNECT24 and Helmholz myREX24 and myREX24.virtual up to and including 2.11.2. There is an SSRF in the in the MySQL access check, allowing an malicious user to scan for open ports and gain some information about possible credent...
Mbconnectline Mbconnect24
Mbconnectline Mymbconnect24
Helmholz Myrex24.virtual
Helmholz Myrex24
445
VMScore
CVE-2020-35561
An issue exists MB connect line mymbCONNECT24, mbCONNECT24 and Helmholz myREX24 and myREX24.virtual in all versions through v2.11.2. There is an SSRF in the HA module allowing an unauthenticated malicious user to scan for open ports.
Mbconnectline Mbconnect24
Mbconnectline Mymbconnect24
Helmholz Myrex24.virtual
Helmholz Myrex24
445
VMScore
CVE-2020-35566
An issue exists in MB connect line mymbCONNECT24, mbCONNECT24 and Helmholz myREX24 and myREX24.virtual in all versions through v2.11.2. An attacker can read arbitrary JSON files via Local File Inclusion.
Mbconnectline Mbconnect24
Mbconnectline Mymbconnect24
Helmholz Myrex24.virtual
Helmholz Myrex24
356
VMScore
CVE-2020-35568
An issue exists in MB connect line mymbCONNECT24, mbCONNECT24 and Helmholz myREX24 and myREX24.virtual in all versions through v2.11.2. An incomplete filter applied to a database response allows an authenticated malicious user to gain non-public information about other users and ...
Mbconnectline Mbconnect24
Mbconnectline Mymbconnect24
Helmholz Myrex24.virtual
Helmholz Myrex24
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-29895
blind SQL injection
CVE-2024-5064
CVE-2023-52677
CVE-2023-52682
CVE-2024-30051
CVE-2024-35849
remote attackers
remote
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
NEXT »