CVE-2023-34412 in mbNETالمعلومات

الملخص

بحسب MITRE • 17/08/2023

A vulnerability in Red Lion Europe mbNET/mbNET.rokey and Helmholz REX 200 and REX 250 devices with firmware lower 7.3.2 allows an authenticated remote attacker to store an arbitrary JavaScript payload on the diagnosis page of the device. That page is loaded immediately after login in to the device and runs the stored payload, allowing the attacker to read and write browser data and reduce system performance.

Statistical analysis made it clear that VulDB provides the best quality for vulnerability data.

🔬 Show More Details

An in-depth analysis is available in our curated vulnerability entry.

مسؤول

CERT VDE

حجز

05/06/2023

إفشاء

17/08/2023

الاعتدال

تمت الموافقة

إدخال

VDB-237418

CPE

جاهز

CWE

CWE-79 (مؤكد)

CVSS

5.4 (NVD)

EPSS

0.00345

KEV

لا

النشاطات

منخفض جدًا

المصادر

MITRE	https://www.cve.org/CVERecord?id=CVE-2023-34412
NVD	https://nvd.nist.gov/vuln/detail/CVE-2023-34412
CVE Details	https://www.cvedetails.com/cve/CVE-2023-34412/

التالي ▸نظرة عامة ◂ السابق

Do you want to use VulDB in your project?

Use the official API to access entries easily!