Unauthenticated Remote Attackers Can Access /tmp Files
CVE-2024-45276

7.5HIGH

Key Information:

Vendor: Mb Connect Line
Status: Mbnet.mini; Rex100
Vendor: CVE Published:; 15 October 2024

🔔 Create Mb Connect Line Vulnerability Alert

What is CVE-2024-45276?

The vulnerability presents a critical security issue wherein an unauthenticated remote attacker can gain unauthorized read access to files located within the '/tmp' directory. This flaw arises from inadequate authentication requirements, potentially allowing attackers to view sensitive data stored in temporary files. Exploitation of this vulnerability can lead to further security breaches and data exposure, making it essential for users of the affected product to implement immediate mitigative measures.

Affected Version(s)

mbNET.mini 0.0.0 <= 2.2.13

REX100 0.0.0 <= 2.2.13

References

https://cert.vde.com/en/advisories/VDE-2024-056

https://cert.vde.com/en/advisories/VDE-2024-066

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Oct 15, 2024
Vulnerability Reserved
Aug 26, 2024

Credit

Moritz Abrell

SySS GmbH