CVE-2024-45275

CRITICAL

Helmholz REX 100 and MBConnectLine MBnet.mini Firmware <= 2.3.1 - Hardcoded Credentials

Title source: llm

Description

The devices contain two hard coded user accounts with hardcoded passwords that allow an unauthenticated remote attacker for full control of the affected devices.

References (3)

Core 3

Core References

Various Sources

https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2024-064.txt

Third Party Advisory

https://cert.vde.com/en/advisories/VDE-2024-056

Third Party Advisory

https://cert.vde.com/en/advisories/VDE-2024-066

Scores

CVSS v3 9.8

EPSS 0.0080

EPSS Percentile 51.6%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment

Exploitation none

Automatable yes

Technical Impact total

Details

CWE

CWE-798

Status published

Products (2)

helmholz/rex_100_firmware < 2.3.1

mbconnectline/mbnet.mini_firmware < 2.3.1

Published Oct 15, 2024

Tracked Since Feb 18, 2026