CVE-2024-45273

Summary

An unauthenticated local attacker can decrypt the devices config file and therefore compromise the device due to a weak implementation of the encryption used.

Affected Software

VendorProductVersion RangeStatus
MB connect linembNET.mini0.0.0 <= 2.2.13affected
MB connect linembNET/mbNET.rokey0.0.0 <= 8.2.0affected
MB connect linembNET HW10.0.0 <= 5.1.11affected
MB connect linembSPIDER0.0.0 <= 2.6.5affected
MB connect linembCONNECT240.0.0 <= 2.16.2affected
MB connect linemymbCONNECT240.0.0 <= 2.16.2affected
HelmholzREX1000.0.0 <= <= 2.2.13affected
HelmholzREX200/2500.0.0 <= <= 8.2.0affected
HelmholzmyREX24 V20.0.0 <= <= 2.16.2affected
HelmholzmyREX24.virtual0.0.0 <= <= 2.16.2affected
HelmholzREX3000.0.0 <= <= 5.1.11affected

Weaknesses

  • CWE-261: CWE-261: Weak Encoding for Password

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

CVE Program Container

Additional References

References