CVE-2024-45273: MB connect line/Helmholz: Weak encryption of configuration file
First published: Tue Oct 15 2024(Updated: )
An unauthenticated local attacker can decrypt the devices config file and therefore compromise the device due to a weak implementation of the encryption used.
Credit: info@cert.vde.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| All of | ||
| Mbconnectline Mymbconnect24 | <2.3.1 | |
| Mbconnectline | ||
| Helmholz Myrex24 | <2.16.3 | |
| All of | ||
| Helmholz Rex 300 | <=5.1.11 | |
| Helmholz Rex 300 Firmware | ||
| All of | ||
| Helmholz Rex 200 Firmware | <8.2.1 | |
| Helmholz Rex 200 Firmware | ||
| All of | ||
| Helmholz Rex 250 Firmware | <8.2.1 | |
| Helmholz Rex 250 Firmware | ||
| All of | ||
| Helmholz Rex 100 | <2.3.1 | |
| Helmholz Rex 100 Firmware | ||
| Mbconnectline Mymbconnect24 | <2.16.3 | |
| Mbconnectline Mymbconnect24 | <2.16.3 | |
| All of | ||
| Mbconnectline Mbnet Hw1 | <=2.6.5 | |
| Mbconnectline | ||
| All of | ||
| Mbconnectline Mymbconnect24 | <=2.6.5 | |
| Mbconnectline | ||
| All of | ||
| Mbconnectline Mymbconnect24 | <=2.6.5 | |
| Mbconnectline | ||
| All of | ||
| Mbconnectline Mymbconnect24 | <=2.6.5 | |
| Mbconnectline Mbspider Mdh 916 Firmware | ||
| All of | ||
| Mbconnectline Mymbconnect24 | <=5.1.11 | |
| Mbconnectline Mbnet Hw1 Firmware | ||
| All of | ||
| Mbconnectline Mymbconnect24 | <8.2.1 | |
| Mbconnectline Mbnet Hw1 | ||
| All of | ||
| Mbconnectline Mymbconnect24 | <8.2.1 | |
| Mbconnectline |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2024-45273?
CVE-2024-45273 has been classified with a severity level that indicates potential risk due to unauthenticated local access allowing decryption of sensitive configuration files.
How do I fix CVE-2024-45273?
To fix CVE-2024-45273, upgrade to the latest firmware version that addresses the weak encryption implementation.
Who is affected by CVE-2024-45273?
CVE-2024-45273 affects devices running specific versions of firmware for products by Mbconnectline and Helmholz.
What are the risks associated with CVE-2024-45273?
The risks of CVE-2024-45273 include potential unauthorized access and compromise of device configurations, leading to further attacks.
Can CVE-2024-45273 be exploited remotely?
No, CVE-2024-45273 requires local access for exploitation, making it a concern primarily for environments with physical security vulnerabilities.
- agent/title
- agent/references
- agent/type
- agent/description
- agent/first-publish-date
- agent/author
- agent/event
- agent/weakness
- agent/severity
- agent/last-modified-date
- collector/mitre-cve
- source/MITRE
- agent/source
- agent/softwarecombine
- agent/tags
- collector/nvd-api
- source/NVD
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- vendor/mbconnectline
- canonical/mbconnectline mymbconnect24
- canonical/mbconnectline
- vendor/helmholz
- canonical/helmholz myrex24
- canonical/helmholz rex 300
- version/helmholz rex 300/5.1.11
- canonical/helmholz rex 300 firmware
- canonical/helmholz rex 200 firmware
- canonical/helmholz rex 250 firmware
- canonical/helmholz rex 100
- canonical/helmholz rex 100 firmware
- canonical/mbconnectline mbnet hw1
- version/mbconnectline mbnet hw1/2.6.5
- version/mbconnectline mymbconnect24/2.6.5
- canonical/mbconnectline mbspider mdh 916 firmware
- version/mbconnectline mymbconnect24/5.1.11
- canonical/mbconnectline mbnet hw1 firmware