CVE-2023-4834

In Red Lion Europe mbCONNECT24 and mymbCONNECT24 and Helmholz myREX24 and myREX24.virtual up to and including 2.14.2 an improperly implemented access validation allows an authenticated, low privileged attacker to gain read access to limited, non-critical device information in his account he shoul...

CVE-2023-1779

Exposure of Sensitive Information to an unauthorized actor vulnerability in MB Connect Lines mbCONNECT24, mymbCONNECT24 and Helmholz' myREX24 and myREX24.virtual in versions =2.13.3 allow an authorized remote attacker with low privileges to view a limited amount of another accounts contact...

CVE-2023-1779

CVE-2023-1779 affects MB Connect Line products mbCONNECT24, mymbCONNECT24, Helmholz’ myREX24 and myREX24.virtual (versions

PT-2023-16666 · Helmholz +1 · Myrex24 +2

Name of the Vulnerable Software and Affected Versions: MB Connect Lines mbCONNECT24 versions = 2.13.3 mymbCONNECT24 versions = 2.13.3 Helmholz' myREX24 versions = 2.13.3 Helmholz' myREX24.virtual versions = 2.13.3 Description: An Authorization Bypass issue allows an authenticated remote user with...

PT-2023-17239 · Unknown +1 · Mbconnect24 +2

Name of the Vulnerable Software and Affected Versions: mbCONNECT24 versions =2.13.3 mymbCONNECT24 versions =2.13.3 myREX24 versions =2.13.3 myREX24.virtual versions =2.13.3 Description: The issue allows an authorized remote attacker with low privileges to view a limited amount of another account'...

CVE-2022-22520

A remote, unauthenticated attacker can enumerate valid users by sending specific requests to the webservice of MB connect line mymbCONNECT24, mbCONNECT24 and Helmholz myREX24 and myREX24.virtual in all versions through v2.11.2...

Code injection

A remote, unauthenticated attacker can enumerate valid users by sending specific requests to the webservice of MB connect line mymbCONNECT24, mbCONNECT24 and Helmholz myREX24 and myREX24.virtual in all versions through v2.11.2...

CVE-2022-22520

CVE-2022-22520 describes a remote, unauthenticated user enumeration vulnerability in MB connect line products: mymbCONNECT24, mbCONNECT24, Helmholz myREX24, and myREX24.virtual up to v2.11.2. The underlying issue is that the webservice allows attackers to enumerate valid users by sending specific...

CVE-2021-34574

In MB connect line mymbCONNECT24, mbCONNECT24 and Helmholz myREX24 and myREX24.virtual in all versions through v2.11.2 an authenticated attacker can change the password of his account into a new password that violates the password policy by intercepting and modifying the request that is send to t...

Design/Logic Flaw

In MB connect line mymbCONNECT24, mbCONNECT24 and Helmholz myREX24 and myREX24.virtual in all versions through v2.11.2 an authenticated attacker can change the password of his account into a new password that violates the password policy by intercepting and modifying the request that is send to t...

CVE-2021-34574

CVE-2021-34574 affects MB connect line products: mymbCONNECT24, mbCONNECT24, Helmholz myREX24 and myREX24.virtual up to version 2.11.2. An authenticated attacker can change their account password by intercepting and modifying the password-change request sent to the server, bypassing the password ...

PT-2021-20556 · Unknown · Mbconnect24 +2

Name of the Vulnerable Software and Affected Versions: mymbCONNECT24 versions through 2.11.2 mbCONNECT24 versions through 2.11.2 Helmholz myREX24 versions through 2.11.2 myREX24.virtual versions through 2.11.2 Description: An authenticated attacker can change the password of their account into a...

CVE-2020-12527

An issue was discovered in MB connect line mymbCONNECT24, mbCONNECT24 and Helmholz myREX24 and myREX24.virtual in all versions through v2.11.2. Improper access validation allows a logged in user to shutdown or reboot devices in his account without having corresponding permissions...

Improper access control

An issue was discovered in MB connect line mymbCONNECT24, mbCONNECT24 and Helmholz myREX24 and myREX24.virtual in all versions through v2.11.2. Improper access validation allows a logged in user to shutdown or reboot devices in his account without having corresponding permissions...

CVE-2020-12527 Improper Access Validation in products of MB connect line and Helmholz

An issue was discovered in MB connect line mymbCONNECT24, mbCONNECT24 and Helmholz myREX24 and myREX24.virtual in all versions through v2.11.2. Improper access validation allows a logged in user to shutdown or reboot devices in his account without having corresponding permissions...

CVE-2020-35568

An issue was discovered in MB connect line mymbCONNECT24, mbCONNECT24 and Helmholz myREX24 and myREX24.virtual in all versions through v2.11.2. An incomplete filter applied to a database response allows an authenticated attacker to gain non-public information about other users and devices in the...

CVE-2020-35570

An issue was discovered in MB connect line mymbCONNECT24, mbCONNECT24 and Helmholz myREX24 and myREX24.virtual through 2.11.2. An unauthenticated attacker is able to access files that should have been restricted via forceful browsing...

Design/Logic Flaw

An issue was discovered in MB connect line mymbCONNECT24, mbCONNECT24 and Helmholz myREX24 and myREX24.virtual in all versions through v2.11.2. An attacker can read arbitrary JSON files via Local File Inclusion...

Design/Logic Flaw

An issue in MB connect line mymbCONNECT24, mbCONNECT24 and Helmholz myREX24 and myREX24.virtual in all versions through v2.11.2 allows a logged in user to see devices in the account he should not have access to due to improper use of access validation...

CVE-2020-35570

MB connect line products mymbCONNECT24, mbCONNECT24, Helmholz myREX24 and myREX24.virtual (through 2.11.2) are affected by a forceful-browsing vulnerability that allows an unauthenticated attacker to access restricted files. The issue is described under CVE-2020-35570 as an access to restricted f...