CVE-2023-34412: Stored XXS vulnerability in mbnet, mbnet.rokey, REX 200 and REX 250
First published: Thu Aug 17 2023(Updated: )
A vulnerability in Red Lion Europe mbNET/mbNET.rokey and Helmholz REX 200 and REX 250 devices with firmware lower 7.3.2 allows an authenticated remote attacker to store an arbitrary JavaScript payload on the diagnosis page of the device. That page is loaded immediately after login in to the device and runs the stored payload, allowing the attacker to read and write browser data and reduce system performance.
Credit: info@cert.vde.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Helmholz Rex 250 Firmware | <7.3.2 | |
| Helmholz Rex 250 Firmware | ||
| Helmholz Rex 200 Firmware | <7.3.2 | |
| Helmholz Rex 200 Firmware | ||
| Redlion Mbnet Rkh 210 Firmware | <7.3.2 | |
| Redlion Mbnet Rkh 210 | ||
| Redlion Mbnet Rkh 216 Firmware | <7.3.2 | |
| Redlion Mbnet Rkh 216 | ||
| Red Lion MBnet RKH 235 Firmware | <7.3.2 | |
| Redlion Mbnet Rkh 235 | ||
| Redlion Mbnet.rokey Rkh 259 | <7.3.2 | |
| Redlion Mbnet.rokey Rkh 259 Firmware | ||
| Red Lion MBNet MDH 811 Firmware | <7.3.2 | |
| Redlion Mbnet Mdh 811 Firmware | ||
| Redlion Mbnet Mdh 850 Firmware | <7.3.2 | |
| Redlion Mbnet Mdh 850 Firmware | ||
| Redlion Mbnet Mdh 871 Firmware | <7.3.2 | |
| Redlion Mbnet Mdh 871 Firmware | ||
| Redlion Mbnet MDH 831 Firmware | <7.3.2 | |
| Redlion Mbnet Mdh 831 Firmware | ||
| Redlion Mbnet Mdh 855 Firmware | <7.3.2 | |
| Redlion Mbnet Mdh 855 Firmware | ||
| Redlion MBNET MDH 876 Firmware | <7.3.2 | |
| Redlion Mbnet Mdh 876 Firmware | ||
| Redlion MBNET MDH Firmware | <7.3.2 | |
| Redlion Mbnet Mdh 858 Firmware | ||
| Redlion Mbnet Mdh 816 Firmware | <7.3.2 | |
| Redlion Mbnet Mdh 816 Firmware | ||
| Redlion Mbnet Mdh 841 | <7.3.2 | |
| Redlion Mbnet Mdh 841 | ||
| Redlion Mbnet Mdh 859 Firmware | <7.3.2 | |
| Redlion Mbnet Mdh 859 Firmware | ||
| Redlion Mbnet Mdh 835 Firmware | <7.3.2 | |
| Redlion Mbnet Mdh 835 Firmware | ||
| All of | ||
| Helmholz Rex 250 Firmware | <7.3.2 | |
| Helmholz Rex 250 Firmware | ||
| All of | ||
| Helmholz Rex 200 Firmware | <7.3.2 | |
| Helmholz Rex 200 Firmware | ||
| All of | ||
| Redlion Mbnet Rkh 210 Firmware | <7.3.2 | |
| Redlion Mbnet Rkh 210 | ||
| All of | ||
| Redlion Mbnet Rkh 216 Firmware | <7.3.2 | |
| Redlion Mbnet Rkh 216 | ||
| All of | ||
| Red Lion MBnet RKH 235 Firmware | <7.3.2 | |
| Redlion Mbnet Rkh 235 | ||
| All of | ||
| Redlion Mbnet.rokey Rkh 259 | <7.3.2 | |
| Redlion Mbnet.rokey Rkh 259 Firmware | ||
| All of | ||
| Red Lion MBNet MDH 811 Firmware | <7.3.2 | |
| Redlion Mbnet Mdh 811 Firmware | ||
| All of | ||
| Redlion Mbnet Mdh 850 Firmware | <7.3.2 | |
| Redlion Mbnet Mdh 850 Firmware | ||
| All of | ||
| Redlion Mbnet Mdh 871 Firmware | <7.3.2 | |
| Redlion Mbnet Mdh 871 Firmware | ||
| All of | ||
| Redlion Mbnet MDH 831 Firmware | <7.3.2 | |
| Redlion Mbnet Mdh 831 Firmware | ||
| All of | ||
| Redlion Mbnet Mdh 855 Firmware | <7.3.2 | |
| Redlion Mbnet Mdh 855 Firmware | ||
| All of | ||
| Redlion MBNET MDH 876 Firmware | <7.3.2 | |
| Redlion Mbnet Mdh 876 Firmware | ||
| All of | ||
| Redlion MBNET MDH Firmware | <7.3.2 | |
| Redlion Mbnet Mdh 858 Firmware | ||
| All of | ||
| Redlion Mbnet Mdh 816 Firmware | <7.3.2 | |
| Redlion Mbnet Mdh 816 Firmware | ||
| All of | ||
| Redlion Mbnet Mdh 841 | <7.3.2 | |
| Redlion Mbnet Mdh 841 | ||
| All of | ||
| Redlion Mbnet Mdh 859 Firmware | <7.3.2 | |
| Redlion Mbnet Mdh 859 Firmware | ||
| All of | ||
| Redlion Mbnet Mdh 835 Firmware | <7.3.2 | |
| Redlion Mbnet Mdh 835 Firmware |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the vulnerability ID for this vulnerability?
The vulnerability ID for this vulnerability is CVE-2023-34412.
What is the severity level of CVE-2023-34412?
The severity level of CVE-2023-34412 is high.
Which devices are affected by CVE-2023-34412?
Red Lion Europe mbNET/mbNET.rokey and Helmholz REX 200 and REX 250 devices with firmware lower than 7.3.2 are affected by CVE-2023-34412.
How can an attacker exploit CVE-2023-34412?
An authenticated remote attacker can exploit CVE-2023-34412 by storing an arbitrary JavaScript payload on the diagnosis page of the affected devices.
How can I mitigate CVE-2023-34412?
To mitigate CVE-2023-34412, update the firmware of the affected devices to version 7.3.2 or higher.
- collector/mitre-cve
- agent/references
- agent/type
- agent/first-publish-date
- agent/weakness
- agent/last-modified-date
- agent/severity
- agent/title
- agent/description
- agent/event
- agent/source
- agent/author
- agent/softwarecombine
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- collector/nvd-api
- source/NVD
- agent/software-canonical-lookup
- vendor/helmholz
- canonical/helmholz rex 250 firmware
- canonical/helmholz rex 200 firmware
- vendor/redlion
- canonical/redlion mbnet rkh 210 firmware
- canonical/redlion mbnet rkh 210
- canonical/redlion mbnet rkh 216 firmware
- canonical/redlion mbnet rkh 216
- canonical/red lion mbnet rkh 235 firmware
- canonical/redlion mbnet rkh 235
- canonical/redlion mbnet.rokey rkh 259
- canonical/redlion mbnet.rokey rkh 259 firmware
- canonical/red lion mbnet mdh 811 firmware
- canonical/redlion mbnet mdh 811 firmware
- canonical/redlion mbnet mdh 850 firmware
- canonical/redlion mbnet mdh 871 firmware
- canonical/redlion mbnet mdh 831 firmware
- canonical/redlion mbnet mdh 855 firmware
- canonical/redlion mbnet mdh 876 firmware
- canonical/redlion mbnet mdh firmware
- canonical/redlion mbnet mdh 858 firmware
- canonical/redlion mbnet mdh 816 firmware
- canonical/redlion mbnet mdh 841
- canonical/redlion mbnet mdh 859 firmware
- canonical/redlion mbnet mdh 835 firmware