CVE-2023-34412 in mbNETinformação

Sumário

de MITRE • 17/08/2023

A vulnerability in Red Lion Europe mbNET/mbNET.rokey and Helmholz REX 200 and REX 250 devices with firmware lower 7.3.2 allows an authenticated remote attacker to store an arbitrary JavaScript payload on the diagnosis page of the device. That page is loaded immediately after login in to the device and runs the stored payload, allowing the attacker to read and write browser data and reduce system performance.

Statistical analysis made it clear that VulDB provides the best quality for vulnerability data.

🔬 Show More Details

An in-depth analysis is available in our curated vulnerability entry.

Responsável

CERT VDE

Reservar

05/06/2023

Divulgação

17/08/2023

Moderação

aceite

Entrada

VDB-237418

CPE

pronto

CWE

CWE-79 (confirmado)

CVSS

5.4 (NVD)

EPSS

0.00345

KEV

não

Atividades

muito baixo

Fontes

MITRE	https://www.cve.org/CVERecord?id=CVE-2023-34412
NVD	https://nvd.nist.gov/vuln/detail/CVE-2023-34412
CVE Details	https://www.cvedetails.com/cve/CVE-2023-34412/

◂ Voltar Visão Geral Próximo ▸

Interested in the pricing of exploits?

See the underground prices here!