Unrated severityNVD Advisory· Published Feb 16, 2021· Updated Sep 16, 2024

Foreced Browsing vulnerability in products of MB connect line and Helmholz

CVE-2020-35570

Description

An issue was discovered in MB connect line mymbCONNECT24, mbCONNECT24 and Helmholz myREX24 and myREX24.virtual through 2.11.2. An unauthenticated attacker is able to access files (that should have been restricted) via forceful browsing.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

An unauthenticated attacker can access restricted files in MB connect line and Helmholz remote access products through version 2.11.2 via forceful browsing.

Vulnerability

In mymbCONNECT24, mbCONNECT24, myREX24, and myREX24.virtual through version 2.11.2, an unauthenticated attacker can access files that should have been restricted via forceful browsing (direct URL traversal). The issue exists because access controls are not properly enforced for certain file resources.

Exploitation

An unauthenticated attacker can simply send crafted HTTP requests to access files that should not be publicly accessible. No authentication or special privileges are required. The attacker may enumerate file paths or use common directory traversal patterns to retrieve sensitive data.

Impact

Successful exploitation allows an unauthenticated attacker to read restricted files, potentially exposing sensitive configuration data, credentials, or other internal information. This leads to information disclosure.

Mitigation

Update to version 2.12.1 or later, as recommended in the VDE advisory [2][3]. Affected product lines include mymbCONNECT24 and mbCONNECT24 (VDE-2021-003) as well as Helmholz myREX24 and myREX24.virtual (VDE-2022-039). The fix was released for version 2.12.1.

References

AI Insight generated on May 26, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

Helm/myREX24llm-fuzzy
Range: <=2.11.2
Mbconnectline/Mbconnect24llm-fuzzy
Range: <=2.11.2
Mbconnectline/Mymbconnect24llm-fuzzy
Range: <=2.11.2

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

cert.vde.com/en/advisories/VDE-2021-003mitrex_refsource_CONFIRM
cert.vde.com/en/advisories/VDE-2022-039mitrex_refsource_CONFIRM
mbconnectline.com/security-advice/mitrex_refsource_MISC

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.001
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000