Details of VAR-202410-0405

ID

VAR-202410-0405

CVE

CVE-2024-45273

TITLE

MB CONNECT LINE of mbnet.mini Vulnerabilities related to cryptographic strength in products from multiple vendors such as firmware

Trust: 0.8

sources: JVNDB: JVNDB-2024-010550

DESCRIPTION

An unauthenticated local attacker can decrypt the devices config file and therefore compromise the device due to a weak implementation of the encryption used. MB CONNECT LINE of mbnet.mini Products from multiple vendors, such as firmware, have vulnerabilities related to encryption strength.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state

Trust: 1.62

sources: NVD: CVE-2024-45273 // JVNDB: JVNDB-2024-010550

AFFECTED PRODUCTS

vendor:	helmholz	model:	rex 300	scope:	lte	version:	5.1.11	Trust: 1.0
vendor:	mbconnectline	model:	mbnet.mini	scope:	lt	version:	2.3.1	Trust: 1.0
vendor:	mbconnectline	model:	mbnet	scope:	lt	version:	8.2.1	Trust: 1.0
vendor:	helmholz	model:	rex 100	scope:	lt	version:	2.3.1	Trust: 1.0
vendor:	mbconnectline	model:	mymbconnect24	scope:	lt	version:	2.16.3	Trust: 1.0
vendor:	helmholz	model:	rex 250	scope:	lt	version:	8.2.1	Trust: 1.0
vendor:	mbconnectline	model:	mbspider mdh 916	scope:	lte	version:	2.6.5	Trust: 1.0
vendor:	helmholz	model:	rex 200	scope:	lt	version:	8.2.1	Trust: 1.0
vendor:	mbconnectline	model:	mbspider mdh 915	scope:	lte	version:	2.6.5	Trust: 1.0
vendor:	mbconnectline	model:	mbspider mdh 905	scope:	lte	version:	2.6.5	Trust: 1.0
vendor:	mbconnectline	model:	mbspider mdh 906	scope:	lte	version:	2.6.5	Trust: 1.0
vendor:	mbconnectline	model:	mbnet hw1	scope:	lte	version:	5.1.11	Trust: 1.0
vendor:	mbconnectline	model:	mbnet.rokey	scope:	lt	version:	8.2.1	Trust: 1.0
vendor:	helmholz	model:	myrex24 v2 virtual server	scope:	lt	version:	2.16.3	Trust: 1.0
vendor:	mbconnectline	model:	mbconnect24	scope:	lt	version:	2.16.3	Trust: 1.0
vendor:	mb connect line	model:	mbnet	scope:	-	version:	-	Trust: 0.8
vendor:	mb connect line	model:	mbnet.mini	scope:	-	version:	-	Trust: 0.8
vendor:	mb connect line	model:	mbconnect24	scope:	-	version:	-	Trust: 0.8
vendor:	mb connect line	model:	mymbconnect24	scope:	-	version:	-	Trust: 0.8
vendor:	helmholz	model:	rex 300	scope:	-	version:	-	Trust: 0.8
vendor:	helmholz	model:	myrex24 v2 virtual server	scope:	-	version:	-	Trust: 0.8
vendor:	helmholz	model:	rex 100	scope:	-	version:	-	Trust: 0.8
vendor:	helmholz	model:	rex 200	scope:	-	version:	-	Trust: 0.8
vendor:	mb connect line	model:	mbspider mdh 915	scope:	-	version:	-	Trust: 0.8
vendor:	mb connect line	model:	mbspider mdh 905	scope:	-	version:	-	Trust: 0.8
vendor:	mb connect line	model:	mbnet hw1	scope:	-	version:	-	Trust: 0.8
vendor:	mb connect line	model:	mbspider mdh 906	scope:	-	version:	-	Trust: 0.8
vendor:	mb connect line	model:	mbspider mdh 916	scope:	-	version:	-	Trust: 0.8
vendor:	helmholz	model:	rex 250	scope:	-	version:	-	Trust: 0.8
vendor:	mb connect line	model:	mbnet.rokey	scope:	-	version:	-	Trust: 0.8

sources: JVNDB: JVNDB-2024-010550 // NVD: CVE-2024-45273

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2024-45273
value:	HIGH
Trust: 1.0
info@cert.vde.com:	CVE-2024-45273
value:	HIGH
Trust: 1.0
NVD:	CVE-2024-45273
value:	HIGH
Trust: 0.8

nvd@nist.gov:	CVE-2024-45273
baseSeverity:	HIGH
baseScore:	7.8
vectorString:	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	1.8
impactScore:	5.9
version:	3.1
Trust: 1.0
info@cert.vde.com:	CVE-2024-45273
baseSeverity:	HIGH
baseScore:	8.4
vectorString:	CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	2.5
impactScore:	5.9
version:	3.1
Trust: 1.0
NVD:	CVE-2024-45273
baseSeverity:	HIGH
baseScore:	7.8
vectorString:	CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: JVNDB: JVNDB-2024-010550 // NVD: CVE-2024-45273 // NVD: CVE-2024-45273

PROBLEMTYPE DATA

problemtype:	CWE-326	Trust: 1.0
problemtype:	CWE-261	Trust: 1.0
problemtype:	Use Weak Ciphers for Passwords (CWE-261) [ others ]	Trust: 0.8
problemtype:	Inappropriate cryptographic strength (CWE-326) [NVD evaluation ]	Trust: 0.8

sources: JVNDB: JVNDB-2024-010550 // NVD: CVE-2024-45273

EXTERNAL IDS

db:	NVD	id:	CVE-2024-45273	Trust: 2.6
db:	CERT@VDE	id:	VDE-2024-056	Trust: 1.8
db:	CERT@VDE	id:	VDE-2024-068	Trust: 1.8
db:	CERT@VDE	id:	VDE-2024-069	Trust: 1.8
db:	CERT@VDE	id:	VDE-2024-066	Trust: 1.8
db:	JVNDB	id:	JVNDB-2024-010550	Trust: 0.8

sources: JVNDB: JVNDB-2024-010550 // NVD: CVE-2024-45273

REFERENCES

url:	https://cert.vde.com/en/advisories/vde-2024-056	Trust: 1.8
url:	https://cert.vde.com/en/advisories/vde-2024-066	Trust: 1.8
url:	https://cert.vde.com/en/advisories/vde-2024-068	Trust: 1.8
url:	https://cert.vde.com/en/advisories/vde-2024-069	Trust: 1.8
url:	https://nvd.nist.gov/vuln/detail/cve-2024-45273	Trust: 0.8

sources: JVNDB: JVNDB-2024-010550 // NVD: CVE-2024-45273

SOURCES

db:	JVNDB	id:	JVNDB-2024-010550
db:	NVD	id:	CVE-2024-45273

LAST UPDATE DATE

2024-10-18T23:14:15.351000+00:00

SOURCES UPDATE DATE

db:	JVNDB	id:	JVNDB-2024-010550	date:	2024-10-18T03:31:00
db:	NVD	id:	CVE-2024-45273	date:	2024-10-17T17:41:43.017

SOURCES RELEASE DATE

db:	JVNDB	id:	JVNDB-2024-010550	date:	2024-10-18T00:00:00
db:	NVD	id:	CVE-2024-45273	date:	2024-10-15T11:15:11.940