CVE-2021-34575— Information Exposure in mymbCONNECT24, mbCONNECT24 <= 2.8.0
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2021-34575
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Information Exposure in mymbCONNECT24, mbCONNECT24 <= 2.8.0
Source: NVD (National Vulnerability Database)
Vulnerability Description
In MB connect line mymbCONNECT24, mbCONNECT24 in versions <= 2.8.0 an unauthenticated user can enumerate valid users by checking what kind of response the server sends.
Source: NVD (National Vulnerability Database)
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Source: NVD (National Vulnerability Database)
Vulnerability Type
通过差异性导致的信息暴露
Source: NVD (National Vulnerability Database)
Vulnerability Title
MB connect line 多款产品 信息泄露漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
Mb Connect Line MB CONNECT LINE mbCONNECT24是德国MB CONNECT LINE(Mb Connect Line)公司的一套远程服务门户网站。该产品支持远程接入、数据记录和报警等功能。 MB connect line 多款产品存在信息泄露漏洞,该漏洞源于 2.8.0 版本及之前版本的 mymbCONNECT24、mbCONNECT24 中,未经身份验证的用户可以通过检查服务器发送的响应类型来枚举有效用户。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Affected Products
| Vendor | Product | Affected Versions | CPE | Subscribe |
|---|---|---|---|---|
| MB connect line | mymbCONNECT24 | 2.8.0 ~ 2.8.0 | - | |
| MB connect line | mbCONNECT24 | 2.8.0 ~ 2.8.0 | - |
II. Public POCs for CVE-2021-34575
| # | POC Description | Source Link | Shenlong Link |
|---|
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2021-34575
请登录查看更多情报信息。
- https://cert.vde.com/de-de/advisories/vde-2021-030x_refsource_CONFIRM
- https://nvd.nist.gov/vuln/detail/CVE-2021-34575
Same Patch Batch · MB connect line · 2021-08-02 · 4 CVEs total
| CVE-2021-33527 | 9.8 CRITICAL | OS Command Injection in mbDIALUP <= 3.9R0.0 |
| CVE-2021-33526 | 7.8 HIGH | Privilege escalation in mbDIALUP <= 3.9R0.0 |
| CVE-2021-34574 | 4.3 MEDIUM | Password policy evasion in products of MB connect line and Helmholz |
IV. Related Vulnerabilities
Same product: mymbCONNECT24
- CVE-2022-22520
User enumeration vulnerability in MB connect line and Helmho - CVE-2021-34580
Remote user enumeration in mymbCONNECT24, mbCONNECT24 <= 2.9 - CVE-2021-34574
Password policy evasion in products of MB connect line and H - CVE-2020-12527
Improper Access Validation in products of MB connect line an - CVE-2020-12528
mymbCONNECT24 安全漏洞
Same vendor: MB connect line
- CVE-2026-33617
MB connect line mbCONNECT24 vulnerable to an unauthenticated - CVE-2026-33616
MB connect line mbCONNECT24 vulnerable to an unauthenticated - CVE-2026-33615
MB connect line mbCONNECT24 vulnerable to an unauthenticated - CVE-2026-33614
MB connect line mbCONNECT24 vulnerable to an unauthenticated - CVE-2026-33613
MB connect line mbCONNECT24 vulnerable to RCE in generateSrp
Same weakness: CWE-203
- CVE-2026-44263
Weblate: Private Translation Enumeration via Screenshot API - CVE-2023-5872
Wago: Vulnerability in Smart Designer Web-Application - CVE-2026-33429
Parse Server: Protected field change detection oracle via Li - CVE-2026-33425
Discourse has inferable private group membership or existenc - CVE-2026-3580
Compiler-induced timing leak in sp_256_get_entry_256_9 on RI
V. Comments for CVE-2021-34575
No comments yet