VYPR
Unrated severity · NVD Advisory · Published Oct 16, 2023 · Updated Sep 16, 2024

CVE-2023-4834

Description

In Red Lion Europe mbCONNECT24 and mymbCONNECT24 and Helmholz myREX24 and myREX24.virtual up to and including 2.14.2, an improperly implemented access validation allows an authenticated, low-privileged attacker to gain read access to limited, non-critical device information in their account that they should not have access to.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Improper access validation in mbCONNECT24, mymbCONNECT24, myREX24, myREX24.virtual up to 2.14.2 allows low-privileged users to read non-critical device info.

Vulnerability

An improperly implemented access validation exists in Red Lion Europe mbCONNECT24, mymbCONNECT24, Helmholz myREX24, and myREX24.virtual up to and including version 2.14.2 [1][2]. This allows authenticated users with low privileges to gain read access to limited, non-critical device information in their account that they should not have access to.

Exploitation

An attacker with a low-privileged account can exploit this vulnerability by requesting device information endpoints that lack proper authorization checks [1][2]. No additional privileges or user interaction beyond authentication are required.

Impact

Successful exploitation gives the attacker read access to limited, non-critical device information [1][2]. The data is restricted to non-sensitive details and does not include critical configuration or operational parameters. No modification or escalation of privilege is possible.

Mitigation

As of publication, the vendor has not released a fixed version [1][2]. Users should monitor vendor advisories for updates. No workarounds are currently available.

AI Insight generated on May 26, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

8

Patches

0

No patches discovered yet.

References

2