Helmholz: Multiple Vulnerabilities in Helmholz REX100 Product

VDE-2024-066

Last update

27.08.2025 12:00

Published at

15.10.2024 10:00

Vendor(s)

Helmholz GmbH & Co. KG

External ID

VDE-2024-066

CSAF Document

Download

Summary

Multiple vulnerabilities have been discovered in REX100 allowing for RCE or unauthorized file access.

Impact

CVE-2024-45271, CVE-2024-45274 and CVE-2024-45275 allow remote code execution with system privileges, resulting in full compromise of the device.

CVE-2024-45273 allows undetectable tampering and manipulation of encrypted configuration files.

CVE-2024-45276 allows unauthenticated access to potential sensitive files.

Affected Product(s)

Model no.	Product name	Affected versions
	Helmholz REX100	Firmware <=2.2.13

Vulnerabilities

Expand / Collapse all

Published

22.09.2025 14:58

Severity

9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Weakness

Use of Hard-coded Credentials (CWE-798)

Summary

The devices contain two hard coded user accounts with hardcoded passwords that allow an unauthenticated remote attacker for full control of the affected devices.

References

cve.org | nvd.nist.gov

Published

22.09.2025 14:58

Severity

9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Weakness

Missing Authentication for Critical Function (CWE-306)

Summary

An unauthenticated remote attacker can execute OS commands via UDP on the device due to missing authentication.

References

cve.org | nvd.nist.gov

Published

22.09.2025 14:58

Severity

8.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Weakness

Weak Encoding for Password (CWE-261)

Summary

An unauthenticated local attacker can decrypt the devices config file and therefore compromise the device due to a weak implementation of the encryption used.

References

cve.org | nvd.nist.gov

Published

22.09.2025 14:58

Severity

8.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Weakness

Improper Control of Generation of Code ('Code Injection') (CWE-94)

Summary

An unauthenticated local attacker can gain admin privileges by deploying a config file due to improper input validation.

References

cve.org | nvd.nist.gov

Published

22.09.2025 14:58

Severity

7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Weakness

Files or Directories Accessible to External Parties (CWE-552)

Summary

An unauthenticated remote attacker can get read access to files in the "/tmp" directory due to missing authentication.

References

cve.org | nvd.nist.gov

Remediation

Update REX100 to the version 2.3.1

Revision History

Version	Date	Summary
1.0.0	15.10.2024 10:00	Initial revision.
1.0.1	06.11.2024 12:27	Fix: correct certvde domain, added self-reference
1.0.2	12.03.2025 14:30	removed spaces around version operators
1.1.2	27.08.2025 12:00	Update: CWE from CVE-2024-45271, Revision History

Helmholz: Multiple Vulnerabilities in Helmholz REX100 Product

Summary

Impact

Affected Product(s)

Vulnerabilities

CVE-2024-45275 9.8

CVE-2024-45274 9.8

CVE-2024-45273 8.4

CVE-2024-45271 8.4

CVE-2024-45276 7.5

Remediation

Revision History