CVE-2023-34412 in mbNETinformation

Résumé

par MITRE • 17/08/2023

A vulnerability in Red Lion Europe mbNET/mbNET.rokey and Helmholz REX 200 and REX 250 devices with firmware lower 7.3.2 allows an authenticated remote attacker to store an arbitrary JavaScript payload on the diagnosis page of the device. That page is loaded immediately after login in to the device and runs the stored payload, allowing the attacker to read and write browser data and reduce system performance.

Statistical analysis made it clear that VulDB provides the best quality for vulnerability data.

Responsable

CERT VDE

Réserver

05/06/2023

Divulgation

17/08/2023

Modérer

accepté

Entrée

VDB-237418

CPE

prêt

EPSS

0.00345

KEV

non

Activités

très faible

Sources

Do you need the next level of professionalism?

Upgrade your account now!