
MB connect line: Unauthenticated user enumeration in mbCONNECT24 and mymbCONNECT24

VDE-2022-011
Last update: 07.09.2022 14:50
Published at: 07.09.2022 14:50
Vendor(s): MB connect line GmbH
External ID: VDE-2022-011

Summary

An issue was discovered in the mymbCONNECT24 and mbCONNECT24 software in all versions through V2.11.2.

Impact

A remote, unauthenticated attacker can enumerate valid users with a timing attack against the webserver.

Affected Product(s)

Model no. Product name Affected versions
mbCONNECT24 Firmware <=2.11.2
mymbCONNECT24 Firmware <=2.11.2

Vulnerabilities


Published: 22.09.2025 14:57
Weakness: Observable Response Discrepancy (CWE-204)
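
For teams reviewing their own login handlers for the same weakness class, the following added example (not code from the vendor or from this advisory, which does not describe the root cause) shows one common source of a CWE-204 timing discrepancy beside a uniform-work version. It assumes the discrepancy comes from skipping the password hash for unknown users; the account name, password and function names are hypothetical.

```python
import hashlib
import hmac
import os

ITERATIONS = 100_000   # constructed work factor for the demo
kdf_calls = 0          # instrumentation: counts expensive hash operations

def _kdf(password: str, salt: bytes) -> bytes:
    """Expensive password hash; its cost is what a timing oracle exposes."""
    global kdf_calls
    kdf_calls += 1
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)

def make_record(password: str) -> tuple[bytes, bytes]:
    salt = os.urandom(16)
    return salt, _kdf(password, salt)

# Constructed user store (hypothetical account name and password).
USERS = {"operator": make_record("correct horse")}
# Dummy record checked for unknown names so every request costs one KDF run.
DUMMY = make_record(os.urandom(16).hex())

def login_discrepant(user: str, password: str) -> bool:
    """CWE-204 pattern: unknown users return before any hashing happens."""
    record = USERS.get(user)
    if record is None:
        return False   # fast path makes "no such user" observable
    salt, digest = record
    return hmac.compare_digest(_kdf(password, salt), digest)

def login_uniform(user: str, password: str) -> bool:
    """Same work for known and unknown users, same result for both failures."""
    record = USERS.get(user)
    salt, digest = record if record is not None else DUMMY
    ok = hmac.compare_digest(_kdf(password, salt), digest)
    return ok and record is not None

def kdf_cost(login, user: str, password: str) -> int:
    """KDF runs triggered by one login attempt (deterministic timing proxy)."""
    before = kdf_calls
    login(user, password)
    return kdf_calls - before
```

Counting KDF runs stands in for wall-clock measurement so the check is repeatable in a unit test; a regression test can assert that known and unknown account names cost the same.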
References

Remediation

Update to version 2.12.1.

Revision History

Version Date Summary
1 07.09.2022 14:50 initial revision