7.5
CVE-2024-45272
- EPSS 0.73%
- Published 15.10.2024 11:15:11
- Last modified 21.11.2024 09:37:35
- Source info@cert.vde.com
- Teams watchlist Login
- Open Login
An unauthenticated remote attacker can perform a brute-force attack on the credentials of the remote service portal with a high chance of success, resulting in connection lost.
Data is provided by the National Vulnerability Database (NVD)
Helmholz ≫ Myrex24 V2 Virtual Server Version < 2.16.3
Helmholz ≫ Rex 300 Firmware Version <= 5.1.11
Helmholz ≫ Rex 200 Firmware Version < 8.2.1
Helmholz ≫ Rex 250 Firmware Version < 8.2.1
Mbconnectline ≫ Mbconnect24 Version < 2.16.3
Mbconnectline ≫ Mymbconnect24 Version < 2.16.3
Mbconnectline ≫ Mbspider Mdh 905 Firmware Version <= 2.6.5
Mbconnectline ≫ Mbspider Mdh 915 Firmware Version <= 2.6.5
Mbconnectline ≫ Mbspider Mdh 906 Firmware Version <= 2.6.5
Mbconnectline ≫ Mbspider Mdh 916 Firmware Version <= 2.6.5
Mbconnectline ≫ Mbnet Hw1 Firmware Version <= 5.1.11
Mbconnectline ≫ Mbnet Firmware Version < 8.2.1
Mbconnectline ≫ Mbnet.Rokey Firmware Version < 8.2.1
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
| Type | Source | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.73% | 0.718 |
| Source | Base Score | Exploit Score | Impact Score | Vector string |
|---|---|---|---|---|
| info@cert.vde.com | 7.5 | 3.9 | 3.6 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
|
CWE-1391 Use of Weak Credentials
The product uses weak credentials (such as a default key or hard-coded password) that can be calculated, derived, reused, or guessed by an attacker.