VYPR

mbCONNECT24

by MB Connect Lines

CVEs (24)

  • CVE-2020-12530MedMar 2, 2021
    risk 0.28cvss 4.3epss 0.01

    An issue was discovered in MB connect line mymbCONNECT24 and mbCONNECT24 software in all versions through V2.6.2. There is an XSS issue in the redirect.php allowing an attacker to inject code via a get parameter.

  • CVE-2020-35568MedFeb 16, 2021
    risk 0.28cvss 4.3epss 0.01

    An issue was discovered in MB connect line mymbCONNECT24, mbCONNECT24 and Helmholz myREX24 and myREX24.virtual in all versions through v2.11.2. An incomplete filter applied to a database response allows an authenticated attacker to gain non-public information about other users…

  • CVE-2020-35559MedFeb 16, 2021
    risk 0.28cvss 4.3epss 0.01

    An issue was discovered in MB CONNECT LINE mymbCONNECT24 and mbCONNECT24 through 2.6.2. There is an unused function that allows an authenticated attacker to use up all available IPs of an account and thus not allow creation of new devices and users.

  • CVE-2020-24569MedSep 30, 2020
    risk 0.28cvss 4.3epss 0.01

    An issue was discovered in MB CONNECT LINE mymbCONNECT24 and mbCONNECT24 through 2.6.1. There is a blind SQL injection in the knximport component via an advanced attack vector, allowing logged in attackers to discover arbitrary information.

Page 2 of 2