Unauthenticated Remote Attackers Can Brute-Force Portal Credentials with High Success Rate, Leading to Connection Loss
CVE-2024-45272

7.5 HIGH

Key Information:

Vendor
CVE Published: 15 October 2024

What is CVE-2024-45272?

A significant vulnerability has been identified in VDE's Remote Service Portal that allows unauthenticated remote attackers to perform brute-force attacks on user credentials. This vulnerability poses a serious risk, as attackers can exploit weak or default credentials to gain unauthorized access to the portal. Successful exploitation could lead to unauthorized operations and potential data exposure, undermining the overall security of the affected system. It is crucial for organizations utilizing this software to implement strong password policies and consider additional protective measures to mitigate the risks associated with this vulnerability.

Affected Version(s)

mbCONNECT24 0.0.0 <= 2.16.2

mymbCONNECT24 0.0.0 <= 2.16.2

myREX24 V2 0.0.0 <= 2.16.2

References

CVSS V3.1

Score: 7.5
Severity: HIGH
Confidentiality: None
Integrity: None
Availability: None
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Moritz Abrell
SySS GmbH