Helmholz: Unauthenticated user enumeration in myREX24 and myREX24.virtual

VDE-2022-017
Last update: 05/14/2025 15:00
Published at: 09/07/2022 14:54
Vendor(s): Helmholz GmbH & Co. KG
External ID: VDE-2022-017

Summary

An issue was discovered in myREX24 and myREX24.virtual in all versions through 2.11.2.

Impact

A remote, unauthenticated attacker can enumerate valid users with a timing attack against the webserver.

Affected Product(s)

| Model no. | Product name | Affected versions |
|---|---|---|
| | myREX24 | Firmware <=2.11.2 |
| | myREX24.virtual | Firmware <=2.11.2 |

Vulnerabilities

Published: 09/22/2025 14:58
Weakness: Observable Response Discrepancy (CWE-204)
Remediation

Update to version 2.12.1.

Revision History

| Version | Date | Summary |
|---|---|---|
| 1 | 09/07/2022 14:54 | initial revision |
| 2 | 05/14/2025 15:00 | Fix: added distribution |