CVE-2024-45271

An unauthenticated local attacker can gain admin privileges by deploying a config file due to improper input validation.
References
Configurations

Configuration 1 (hide)

AND
cpe:2.3:o:mbconnectline:mbnet.mini_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:mbconnectline:mbnet.mini:-:*:*:*:*:*:*:*

Configuration 2 (hide)

AND
cpe:2.3:o:helmholz:rex_100_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:helmholz:rex_100:-:*:*:*:*:*:*:*

History

21 Oct 2024, 19:21

Type Values Removed Values Added
CVSS v2 : unknown
v3 : 8.4
v2 : unknown
v3 : 7.8
CWE NVD-CWE-noinfo
First Time Mbconnectline mbnet.mini
Helmholz
Mbconnectline
Helmholz rex 100
Helmholz rex 100 Firmware
Mbconnectline mbnet.mini Firmware
References () https://cert.vde.com/en/advisories/VDE-2024-056 - () https://cert.vde.com/en/advisories/VDE-2024-056 - Third Party Advisory
References () https://cert.vde.com/en/advisories/VDE-2024-066 - () https://cert.vde.com/en/advisories/VDE-2024-066 - Third Party Advisory
CPE cpe:2.3:o:mbconnectline:mbnet.mini_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:helmholz:rex_100:-:*:*:*:*:*:*:*
cpe:2.3:o:helmholz:rex_100_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:mbconnectline:mbnet.mini:-:*:*:*:*:*:*:*

15 Oct 2024, 14:35

Type Values Removed Values Added
Summary
  • (es) Un atacante local no autenticado puede obtener privilegios de administrador al implementar un archivo de configuración debido a una validación de entrada incorrecta.
CWE CWE-116

15 Oct 2024, 11:15

Type Values Removed Values Added
New CVE

Information

Published : 2024-10-15 11:15

Updated : 2024-10-21 19:21


NVD link : CVE-2024-45271

Mitre link : CVE-2024-45271

CVE.ORG link : CVE-2024-45271


JSON object : View

Products Affected

helmholz

  • rex_100
  • rex_100_firmware

mbconnectline

  • mbnet.mini
  • mbnet.mini_firmware
CWE
NVD-CWE-noinfo CWE-20

Improper Input Validation

CWE-116

Improper Encoding or Escaping of Output