CVE-2024-45272— MB connect line/Helmholz: Generation of weak passwords vulnerability

CVSS 7.5 · High EPSS 1.02% · P77 Updated Jan 25, 2025

Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2024-45272

Vulnerability Information

Have questions about the vulnerability? See if Shenlong's analysis helps!

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title

MB connect line/Helmholz: Generation of weak passwords vulnerability

Source: NVD (National Vulnerability Database)

Vulnerability Description

An unauthenticated remote attacker can perform a brute-force attack on the credentials of the remote service portal with a high chance of success, resulting in connection lost.

Source: NVD (National Vulnerability Database)

CVSS Information

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Source: NVD (National Vulnerability Database)

Vulnerability Type

CWE-1391

Source: NVD (National Vulnerability Database)

Vulnerability Title

Helmholz REX200/250 安全漏洞

Source: CNNVD (China National Vulnerability Database)

Vulnerability Description

Helmholz REX200/250是Helmholz公司的一款无线路由器。 Helmholz REX200/250 5.1.11之前版本存在安全漏洞，该漏洞源于未经身份验证的远程攻击者可以对远程服务门户的凭据进行暴力攻击，从而导致连接丢失。

Source: CNNVD (China National Vulnerability Database)

CVSS Information

N/A

Source: CNNVD (China National Vulnerability Database)

Vulnerability Type

N/A

Source: CNNVD (China National Vulnerability Database)

Affected Products

Vendor	Product	Affected Versions	CPE
MB connect line	mbCONNECT24	0.0.0 ~ 2.16.2	-
MB connect line	mymbCONNECT24	0.0.0 ~ 2.16.2	-
Helmholz	myREX24 V2	0.0.0 ~ 2.16.2	-
Helmholz	myREX24.virtual	0.0.0 ~ 2.16.2	-

II. Public POCs for CVE-2024-45272

#	POC Description	Source Link	Shenlong Link

AI-Generated POCPremium

No public POC found.

III. Intelligence Information for CVE-2024-45272

请登录查看更多情报信息。

Same Patch Batch · MB connect line · 2024-10-15 · 6 CVEs total

CVE-2024-45274	9.8 CRITICAL	MB connect line/Helmholz: Remote code execution via confnet service
CVE-2024-45275	9.8 CRITICAL	MB connect line/Helmholz: Hardcoded user accounts with hard-coded passwords
CVE-2024-45273	8.4 HIGH	MB connect line/Helmholz: Weak encryption of configuration file
CVE-2024-45271	8.4 HIGH	MB connect line/Helmholz: Remote code execution due to improper input validation
CVE-2024-45276	7.5 HIGH	MB connect line/Helmholz: tmp directory exposed via webservice

IV. Related Vulnerabilities

Same product: mbCONNECT24

Same vendor: MB connect line

Same weakness: CWE-1391

V. Comments for CVE-2024-45272

No comments yet

Goal Reached Thanks to every supporter — we hit 100%!

CVE-2024-45272— MB connect line/Helmholz: Generation of weak passwords vulnerability

I. Basic Information for CVE-2024-45272

Vulnerability Information

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

Affected Products

II. Public POCs for CVE-2024-45272

III. Intelligence Information for CVE-2024-45272

Same Patch Batch · MB connect line · 2024-10-15 · 6 CVEs total

IV. Related Vulnerabilities

V. Comments for CVE-2024-45272

Leave a comment