CVE-2024-45275— MB connect line/Helmholz: Hardcoded user accounts with hard-coded passwords
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2024-45275
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
MB connect line/Helmholz: Hardcoded user accounts with hard-coded passwords
Source: NVD (National Vulnerability Database)
Vulnerability Description
The devices contain two hard coded user accounts with hardcoded passwords that allow an unauthenticated remote attacker for full control of the affected devices.
Source: NVD (National Vulnerability Database)
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Source: NVD (National Vulnerability Database)
Vulnerability Type
使用硬编码的凭证
Source: NVD (National Vulnerability Database)
Vulnerability Title
Helmholz REX100 信任管理问题漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
Helmholz REX100是Helmholz公司的一款无线路由器。 Helmholz REX100 2.3.1之前版本存在信任管理问题漏洞,该漏洞源于包含两个硬编码的用户帐户和硬编码的密码,允许未经身份验证的远程攻击者完全控制受影响的设备。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Shenlong Deep Dive — AI Deep Analysis
10-question deep dive: root cause, exploitation, mitigation, urgency. Read summary free, full version requires login.
Affected Products
| Vendor | Product | Affected Versions | CPE | Subscribe |
|---|---|---|---|---|
| MB connect line | mbNET.mini | 0.0.0 ~ 2.2.13 | - | |
| Helmholz | REX100 | 0.0.0 ~ 2.2.13 | - |
II. Public POCs for CVE-2024-45275
| # | POC Description | Source Link | Shenlong Link |
|---|
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2024-45275
请登录查看更多情报信息。
Same Patch Batch · MB connect line · 2024-10-15 · 6 CVEs total
| CVE-2024-45274 | 9.8 CRITICAL | MB connect line/Helmholz: Remote code execution via confnet service |
| CVE-2024-45273 | 8.4 HIGH | MB connect line/Helmholz: Weak encryption of configuration file |
| CVE-2024-45271 | 8.4 HIGH | MB connect line/Helmholz: Remote code execution due to improper input validation |
| CVE-2024-45272 | 7.5 HIGH | MB connect line/Helmholz: Generation of weak passwords vulnerability |
| CVE-2024-45276 | 7.5 HIGH | MB connect line/Helmholz: tmp directory exposed via webservice |
IV. Related Vulnerabilities
Same product: mbNET.mini
- CVE-2025-41681
Persistent Cross-Site Scripting via POST Requests Due to Imp - CVE-2025-41679
Unauthenticated Buffer Overflow in Conftool Service Leading - CVE-2025-41678
SQL Injection via POST Requests Allowing Configuration Datab - CVE-2025-41677
Resource Exhaustion via POST Requests to send-mail Action - CVE-2025-41676
Resource Exhaustion via POST Requests to send-sms Action
Same vendor: MB connect line
- CVE-2026-33617
MB connect line mbCONNECT24 vulnerable to an unauthenticated - CVE-2026-33616
MB connect line mbCONNECT24 vulnerable to an unauthenticated - CVE-2026-33615
MB connect line mbCONNECT24 vulnerable to an unauthenticated - CVE-2026-33614
MB connect line mbCONNECT24 vulnerable to an unauthenticated - CVE-2026-33613
MB connect line mbCONNECT24 vulnerable to RCE in generateSrp
Same weakness: CWE-798
- CVE-2026-7414
Hardcoded credentials in Yarbo robot firmware - CVE-2026-8032
PicoTronica e-Clinic Healthcare System ECHS echs.js hard-cod - CVE-2026-32834
Easy PayPal Events & Tickets 1.3 Authentication Bypass via Q - CVE-2026-42376
D-Link DIR-456U A1 Hardcoded Telnet Backdoor Credentials - CVE-2026-42375
D-Link DIR-600L A1 Hardcoded Telnet Backdoor Credentials
V. Comments for CVE-2024-45275
No comments yet