VYPR
Unrated severity · NVD Advisory · Published Feb 16, 2021 · Updated Sep 16, 2024

SSRF in products of MB connect line and Helmholz

CVE-2020-35558

Description

An issue was discovered in MB connect line mymbCONNECT24, mbCONNECT24 and Helmholz myREX24 and myREX24.virtual through 2.11.2. There is an SSRF in the MySQL access check, allowing an attacker to scan for open ports and gain some information about possible credentials.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

An SSRF vulnerability in the MySQL access check of MB connect line and Helmholz remote access products allows an attacker to scan internal ports and obtain credential information.

Vulnerability

An SSRF (Server-Side Request Forgery) vulnerability exists in the MySQL access check functionality of MB connect line mymbCONNECT24, mbCONNECT24 and Helmholz myREX24 and myREX24.virtual through version 2.11.2 [2][3]. The flaw allows an attacker to make the application send crafted requests to internal or external hosts, effectively scanning for open ports and retrieving sensitive information about possible credentials.

Exploitation

An attacker can exploit this vulnerability by sending specially crafted requests to the affected MySQL access check endpoint. No authentication is required, and the attacker only needs network access to the vulnerable service. The SSRF can be used to probe internal network services and extract credential-related data from the responses.

Impact

Successful exploitation enables an attacker to scan for open ports on internal systems and obtain information about possible credentials. This information leakage can be leveraged for further attacks, potentially leading to unauthorized access or lateral movement within the network.

Mitigation

The vulnerability is fixed in version 2.12.1 of the affected products [2][3]. Users should update to this version or later. No workarounds are documented in the available references.

AI Insight generated on May 26, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
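
The following is an added illustration, not the vendor's code or fix (the page gives no details of either), of how a connection-check feature like the MySQL access check described above can be constrained so that it cannot serve as a port scanner or a credential oracle. The allowlisted network, the port set and the `connect` callable are assumptions made for the example.

```python
import ipaddress
import socket

ALLOWED_PORTS = {3306}  # assumption: the check only ever needs the MySQL port
# Assumption: the database servers the check may reach sit in this constructed range.
ALLOWED_NETS = [ipaddress.ip_network("203.0.113.0/24")]

def _resolve(host):
    """Return every address the system resolver gives for host."""
    return [i[4][0] for i in socket.getaddrinfo(host, None, proto=socket.IPPROTO_TCP)]

def _normalise(text):
    addr = ipaddress.ip_address(text)
    # Treat ::ffff:a.b.c.d as the IPv4 address it maps to.
    mapped = getattr(addr, "ipv4_mapped", None)
    return mapped or addr

def validate_target(host, port, resolve=_resolve):
    """Return the IP string to connect to, or None if the destination is refused."""
    if port not in ALLOWED_PORTS:
        return None
    try:
        addrs = [_normalise(a) for a in resolve(host)]
    except (OSError, ValueError):
        return None
    # Every resolved address must be allowlisted, so a name that also points
    # at loopback or an internal host is rejected as a whole.
    if not addrs or not all(any(a in n for n in ALLOWED_NETS) for a in addrs):
        return None
    return str(addrs[0])  # caller connects to this IP, never re-resolves the name

def public_result(ok):
    """One answer for blocked, refused, timed out and bad login alike."""
    return {"status": "ok" if ok else "failed"}

def run_check(host, port, connect, resolve=_resolve):
    """connect(ip, port) is a hypothetical callable doing the MySQL login."""
    ip = validate_target(host, port, resolve)
    if ip is None:
        return public_result(False)
    try:
        return public_result(bool(connect(ip, port)))
    except Exception:
        return public_result(False)  # no driver error text reaches the client
```

Response timing can still differ between outcomes, so a fixed connection timeout and a constant response delay are needed to close that channel as well.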

Affected products

4

References

3