VYPR
Unrated severity · NVD Advisory · Published Feb 16, 2021 · Updated Sep 16, 2024

Local file inclusion vulnerability in products of MB connect line and Helmholz

CVE-2020-35566

Description

An issue was discovered in MB connect line mymbCONNECT24, mbCONNECT24 and Helmholz myREX24 and myREX24.virtual in all versions through v2.11.2. An attacker can read arbitrary JSON files via Local File Inclusion.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Local File Inclusion vulnerability in MB connect line mymbCONNECT24, mbCONNECT24 and Helmholz myREX24 and myREX24.virtual allows reading arbitrary JSON files.

Vulnerability

A Local File Inclusion (LFI) vulnerability exists in MB connect line mymbCONNECT24, mbCONNECT24 and Helmholz myREX24 and myREX24.virtual in all versions through v2.11.2. The bug allows an attacker to read arbitrary JSON files on the server.

Exploitation

An attacker can exploit this by sending crafted requests that traverse directories, potentially without requiring authentication. The vulnerability resides in the handling of file paths, enabling inclusion of arbitrary JSON files from the file system.

Impact

Successful exploitation leads to information disclosure. An attacker can read sensitive JSON configuration files, potentially containing credentials or other confidential data.

Mitigation

The issue is fixed in version 2.12.1 [2][3]. Users should update to this version or later. No workaround is mentioned in the available references.

AI Insight generated on May 26, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

4

References

3
