Unauthenticated Attacker Can Compromise Devices Due to Weak Encryption Implementation
CVE-2024-45273

7.8HIGH

Key Information:

Vendor: Mb Connect Line
Status: Mbnet.mini; Mbnet/mbnet.rokey; Mbnet Hw1; Mbspider
Vendor: CVE Published:; 15 October 2024

🔔 Create Mb Connect Line Vulnerability Alert

What is CVE-2024-45273?

An identified vulnerability allows unauthenticated local attackers to decrypt the device's configuration file, exposing sensitive information and potentially compromising the device's integrity. This issue stems from a weak encryption implementation, highlighting the need for improved security measures in the affected products. The vulnerability poses serious risks, particularly in environments where device security is paramount, necessitating prompt attention and remediation from users and administrators.

Affected Version(s)

mbCONNECT24 0.0.0 <= 2.16.2

mbNET HW1 0.0.0 <= 5.1.11

mbNET.mini 0.0.0 <= 2.2.13

References

https://cert.vde.com/en/advisories/VDE-2024-056

https://cert.vde.com/en/advisories/VDE-2024-066

https://cert.vde.com/en/advisories/VDE-2024-068

CVSS V3.1

Score:

7.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Oct 15, 2024
Vulnerability Reserved
Aug 26, 2024

Credit

Moritz Abrell

SySS GmbH