MB connect line: Cross-site Scripting vulnerability in mbNET/mbNET.rokey

VDE-2023-012

Last update

17.08.2023 14:00

Published at

17.08.2023 14:00

Vendor(s)

MB connect line GmbH

External ID

VDE-2023-012

CSAF Document

Download

Summary

A stored XXS vulnerability has been found in mbNET and mbNET/.rokey in all versions before 7.3.2.

Impact

A remote, authenticated attacker can fully compromise the browser session of all users accessing the devices web interface.

Affected Product(s)

Model no.	Product name	Affected versions
	mbNET <7.3.2	mbNET <7.3.2
	mbNET.rokey <7.3.2	mbNET.rokey <7.3.2
	mbNET <7.3.2	mbNET <7.3.2
	mbNET.rokey <7.3.2	mbNET.rokey <7.3.2

Vulnerabilities

Expand / Collapse all

Published

24.09.2025 12:42

Severity

4.8 CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N

Weakness

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') (CWE-79)

Summary

A vulnerability in Red Lion Europe mbNET/mbNET.rokey and Helmholz REX 200 and REX 250 devices with firmware lower 7.3.2 allows an
authenticated remote attacker with high privileges to inject malicious HTML or JavaScript code (XSS).

References

cve.org | nvd.nist.gov

Remediation

Update to 7.3.2

Acknowledgments

MB connect line GmbH thanks the following parties for their efforts:

CERT@VDE for coordination (see https://certvde.com )

Revision History

Version	Date	Summary
1	17.08.2023 14:00	Initial revision.

MB connect line: Cross-site Scripting vulnerability in mbNET/mbNET.rokey

Summary

Impact

Affected Product(s)

Vulnerabilities

CVE-2023-34412 4.8

Remediation

Acknowledgments

Revision History