First published: Tue Feb 16 2021(Updated: )
An issue was discovered in MB connect line mymbCONNECT24, mbCONNECT24 and Helmholz myREX24 and myREX24.virtual through 2.11.2. An unauthenticated attacker is able to access files (that should have been restricted) via forceful browsing.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Mbconnectline Mbconnect24 | <=2.11.2 | |
Mbconnectline Mymbconnect24 | <=2.11.2 | |
Helmholz myREX24 | <=2.11.2 | |
Helmholz Myrex24.virtual | <=2.11.2 |
Update to v2.12.1
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
The vulnerability ID is CVE-2020-35570.
The severity of CVE-2020-35570 is medium with a CVSS score of 5.3.
The affected software versions are mbCONNECT24 2.11.2, mymbCONNECT24 2.11.2, myREX24 2.11.2, and myREX24.virtual 2.11.2.
An unauthenticated attacker can exploit CVE-2020-35570 by accessing files that should have been restricted through forceful browsing.
Yes, you can find references for CVE-2020-35570 at the following links: [reference1](https://cert.vde.com/en/advisories/VDE-2021-003), [reference2](https://cert.vde.com/en/advisories/VDE-2022-039), [reference3](https://mbconnectline.com/security-advice/).