CVE-2024-45274

An unauthenticated remote attacker can execute OS commands via UDP on the device due to missing authentication.
References
Configurations

Configuration 1 (hide)

AND
cpe:2.3:o:mbconnectline:mbnet.mini_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:mbconnectline:mbnet.mini:-:*:*:*:*:*:*:*

Configuration 2 (hide)

AND
cpe:2.3:o:helmholz:rex_100_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:helmholz:rex_100:-:*:*:*:*:*:*:*

History

17 Oct 2024, 17:40

Type Values Removed Values Added
Summary
  • (es) Un atacante remoto no autenticado puede ejecutar comandos del sistema operativo a través de UDP en el dispositivo debido a la falta de autenticación.
CPE cpe:2.3:h:helmholz:rex_100:-:*:*:*:*:*:*:*
cpe:2.3:h:mbconnectline:mbnet.mini:-:*:*:*:*:*:*:*
cpe:2.3:o:mbconnectline:mbnet.mini_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:helmholz:rex_100_firmware:*:*:*:*:*:*:*:*
First Time Helmholz
Helmholz rex 100
Helmholz rex 100 Firmware
Mbconnectline mbnet.mini Firmware
Mbconnectline mbnet.mini
Mbconnectline
References () https://cert.vde.com/en/advisories/VDE-2024-056 - () https://cert.vde.com/en/advisories/VDE-2024-056 - Third Party Advisory
References () https://cert.vde.com/en/advisories/VDE-2024-066 - () https://cert.vde.com/en/advisories/VDE-2024-066 - Third Party Advisory

15 Oct 2024, 11:15

Type Values Removed Values Added
New CVE

Information

Published : 2024-10-15 11:15

Updated : 2024-10-17 17:40


NVD link : CVE-2024-45274

Mitre link : CVE-2024-45274

CVE.ORG link : CVE-2024-45274


JSON object : View

Products Affected

helmholz

  • rex_100
  • rex_100_firmware

mbconnectline

  • mbnet.mini
  • mbnet.mini_firmware
CWE
CWE-306

Missing Authentication for Critical Function