5.4
CVE-2023-34412
- EPSS 0.04%
- Published 17.08.2023 14:15:09
- Last modified 21.11.2024 08:07:11
- Source info@cert.vde.com
A vulnerability in Red Lion Europe mbNET/mbNET.rokey and Helmholz REX 200 and REX 250 devices with firmware versions lower than 7.3.2 allows an authenticated remote attacker with high privileges to inject malicious HTML or JavaScript code (XSS).
Data is provided by the National Vulnerability Database (NVD)
Helmholz ≫ Rex 250 Firmware Version < 7.3.2
Helmholz ≫ Rex 200 Firmware Version < 7.3.2
Redlion ≫ Mbnet.Rokey Rkh 210 Firmware Version < 7.3.2
Redlion ≫ Mbnet.Rokey Rkh 216 Firmware Version < 7.3.2
Redlion ≫ Mbnet.Rokey Rkh 235 Firmware Version < 7.3.2
Redlion ≫ Mbnet.Rokey Rkh 259 Firmware Version < 7.3.2
Redlion ≫ Mbnet Mdh 811 Firmware Version < 7.3.2
Redlion ≫ Mbnet Mdh 850 Firmware Version < 7.3.2
Redlion ≫ Mbnet Mdh 871 Firmware Version < 7.3.2
Redlion ≫ Mbnet Mdh 831 Firmware Version < 7.3.2
Redlion ≫ Mbnet Mdh 855 Firmware Version < 7.3.2
Redlion ≫ Mbnet Mdh 876 Firmware Version < 7.3.2
Redlion ≫ Mbnet Mdh 858 Firmware Version < 7.3.2
Redlion ≫ Mbnet Mdh 816 Firmware Version < 7.3.2
Redlion ≫ Mbnet Mdh 841 Firmware Version < 7.3.2
Redlion ≫ Mbnet Mdh 859 Firmware Version < 7.3.2
Redlion ≫ Mbnet Mdh 835 Firmware Version < 7.3.2
No CISA KEV or CERT.AT warning was found for this CVE.
Type | Source | Score | Percentile |
---|---|---|---|
EPSS | FIRST.org | 0.04% | 0.103 |
Source | Base Score | Exploit Score | Impact Score | Vector string |
---|---|---|---|---|
info@cert.vde.com | 4.8 | 1.7 | 2.7 | CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N |
nvd@nist.gov | 5.4 | 2.3 | 2.7 | CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N |
CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.