MB connect line: Cross-site Scripting vulnerability in mbNET/mbNET.rokey

VDE-2023-012
Last update
08/17/2023 14:00
Published at
08/17/2023 14:00
Vendor(s)
MB connect line GmbH
External ID
VDE-2023-012

Summary

A stored XSS vulnerability has been found in mbNET and mbNET.rokey in all versions before 7.3.2.

Impact

A remote, authenticated attacker can fully compromise the browser session of all users accessing the device's web interface.

Affected Product(s)

Model no. Product name Affected versions
mbNET <7.3.2 mbNET <7.3.2
mbNET.rokey <7.3.2 mbNET.rokey <7.3.2

Vulnerabilities

Published
09/22/2025 14:57
Weakness
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') (CWE-79)
Summary

A vulnerability in Red Lion Europe mbNET/mbNET.rokey and Helmholz REX 200 and REX 250 devices with firmware lower than 7.3.2 allows an authenticated remote attacker with high privileges to inject malicious HTML or JavaScript code (XSS).

Remediation

Update to 7.3.2

Revision History

Version Date Summary
1 08/17/2023 14:00 Initial revision.