CVE-2023-1779— Helmholz and MB Connect Line: Account takeover via password reset in multiple products
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2023-1779
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Helmholz and MB Connect Line: Account takeover via password reset in multiple products
Source: NVD (National Vulnerability Database)
Vulnerability Description
Exposure of Sensitive Information to an unauthorized actor vulnerability in MB Connect Lines mbCONNECT24, mymbCONNECT24 and Helmholz' myREX24 and myREX24.virtual in versions <=2.13.3 allow an authorized remote attacker with low privileges to view a limited amount of another accounts contact information.
Source: NVD (National Vulnerability Database)
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Source: NVD (National Vulnerability Database)
Vulnerability Type
授权机制不正确
Source: NVD (National Vulnerability Database)
Vulnerability Title
MB connect line mbCONNECT24和mymbCONNECT24 信息泄露漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
MB connect line mbCONNECT24和MB connect line mymbCONNECT24都是德国MB connect line公司的产品。MB connect line mbCONNECT24是一套远程服务门户网站。该产品支持远程接入、数据记录和报警等功能。MB connect line mymbCONNECT24是一款适用于虚拟环境的内部远程维护解决方案。 MB connect line 多款产品存在信息泄露漏洞,该漏洞源于存在信息泄露漏洞,允许低权限攻击者查看其他帐户联系信息
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Affected Products
| Vendor | Product | Affected Versions | CPE | Subscribe |
|---|---|---|---|---|
| MB Connect Line | mbCONNECT24 | 1.0.0 ~ 2.13.3 | - | |
| MB Connect Line | mymbCONNECT24 | 1.0.0 ~ 2.13.3 | - | |
| Helmholz | myREX24 | 0 ~ 2.13.3 | - | |
| Helmholz | myREX24.virtual | 0 ~ 2.13.3 | - |
II. Public POCs for CVE-2023-1779
| # | POC Description | Source Link | Shenlong Link |
|---|
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2023-1779
请登录查看更多情报信息。
IV. Related Vulnerabilities
Same product: mbCONNECT24
- CVE-2026-33617
MB connect line mbCONNECT24 vulnerable to an unauthenticated - CVE-2026-33616
MB connect line mbCONNECT24 vulnerable to an unauthenticated - CVE-2026-33615
MB connect line mbCONNECT24 vulnerable to an unauthenticated - CVE-2026-33614
MB connect line mbCONNECT24 vulnerable to an unauthenticated - CVE-2026-33613
MB connect line mbCONNECT24 vulnerable to RCE in generateSrp
Same vendor: MB Connect Line
- CVE-2026-33617
MB connect line mbCONNECT24 vulnerable to an unauthenticated - CVE-2026-33616
MB connect line mbCONNECT24 vulnerable to an unauthenticated - CVE-2026-33615
MB connect line mbCONNECT24 vulnerable to an unauthenticated - CVE-2026-33614
MB connect line mbCONNECT24 vulnerable to an unauthenticated - CVE-2026-33613
MB connect line mbCONNECT24 vulnerable to RCE in generateSrp
Same weakness: CWE-863
- CVE-2026-42571
Privilege Escalation Attack affecting Pelican Web UI - CVE-2025-15633
HCL BigFix WebUI is affected by an improper authorization vu - CVE-2026-42296
Argo Workflows has incomplete fix for CVE-2026-31892: hostNe - CVE-2025-66170
Apache CloudStack: Any user can list backups that they shoul - CVE-2026-41903
FreeScout IDOR Vulnerability: PERM_EDIT_USERS allows modifyi
V. Comments for CVE-2023-1779
No comments yet