CVE-2024-45275

EPSS 0.83%
Veröffentlicht 15.10.2024 11:15:12
Zuletzt bearbeitet 21.11.2024 09:37:35
Quelle info@cert.vde.com
Teams Watchlist Login
Unerledigt Login

The devices contain two hard coded user accounts with hardcoded passwords that allow an unauthenticated remote attacker for full control of the affected devices.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 6

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Mbconnectline ≫ Mbnet.Mini Firmware Version < 2.3.1

Mbconnectline ≫ Mbnet.Mini Version-

Helmholz ≫ Rex 100 Firmware Version < 2.3.1

Helmholz ≫ Rex 100 Version-

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.83%	0.736

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	9.8	3.9	5.9	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
info@cert.vde.com	9.8	3.9	5.9	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE-798 Use of Hard-coded Credentials

The product contains hard-coded credentials, such as a password or cryptographic key.

https://cert.vde.com/en/advisories/VDE-2024-056

Third Party Advisory

https://cert.vde.com/en/advisories/VDE-2024-066

Third Party Advisory

https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2024-064.txt

https://nvd.nist.gov/vuln/detail/CVE-2024-45275

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2024-45275

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2024-45275

EUVD