CVE-2024-45275

EPSS 0.83%
Published 15.10.2024 11:15:12
Last modified 21.11.2024 09:37:35
Source info@cert.vde.com
Teams watchlist Login
Open Login

The devices contain two hard coded user accounts with hardcoded passwords that allow an unauthenticated remote attacker for full control of the affected devices.

Affected products Warnungen 0 Metrics 3 CWE 1 References 6

Data is provided by the National Vulnerability Database (NVD)

Mbconnectline ≫ Mbnet.Mini Firmware Version < 2.3.1

Mbconnectline ≫ Mbnet.Mini Version-

Helmholz ≫ Rex 100 Firmware Version < 2.3.1

Helmholz ≫ Rex 100 Version-

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.83%	0.736

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	9.8	3.9	5.9	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
info@cert.vde.com	9.8	3.9	5.9	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE-798 Use of Hard-coded Credentials

The product contains hard-coded credentials, such as a password or cryptographic key.

https://cert.vde.com/en/advisories/VDE-2024-056

Third Party Advisory

https://cert.vde.com/en/advisories/VDE-2024-066

Third Party Advisory

https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2024-064.txt

https://nvd.nist.gov/vuln/detail/CVE-2024-45275

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2024-45275

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2024-45275

EUVD