VDE-2025-069
Juli 31, 2025, 12:00 nachm.
An authenticated remote attacker can exploit an undocumented method to escape the LUA sandbox in REX200/250 devices, enabling the execution of arbitrary operating system commands and leading to full system …
VDE-2025-059
Juli 21, 2025, 12:00 nachm.
Multiple vulnerabilities in all REX 100 devices with firmware <= 2.3.2 that allow an attacker to gain full control over the device.
VDE-2025-038
Juni 24, 2025, 12:00 nachm.
Two vulnerabilities in myREX24/myREX24.virtual can lead to user enumeration an password bypass.
VDE-2025-037
Juni 24, 2025, 12:00 nachm.
The mb24api endpoint reachable when connected via VPN is missing authentication for sensitive functions. This can lead to information disclosure of user- and device names and to DoS.
VDE-2024-031
Mai 14, 2025, 3:00 nachm.
The data24 service that is bundled with every installation of myREX24 V2/myREX24.virtual has two serious flaws in core components. These combined can lead to a complete loss of confidentiality, integrity …
VDE-2024-069
Nov. 6, 2024, 12:27 nachm.
Multiple vulnerabilities have been discovered in Helmholz products that could allow RCE or unauthorized file access. CVE-2024-45272 affects the myREX24 V2 and myREX24.virtual products, while CVE-2024-45273 affects the REX200/250, myREX24 …
VDE-2024-066
Aug. 27, 2025, 12:00 nachm.
Multiple vulnerabilities have been discovered in REX100 allowing for RCE or unauthorized file access.
VDE-2024-044
Mai 14, 2025, 2:28 nachm.
Several Helmholz products are vulnerable to a possible race condition vulnerability in OpenSSH named "regreSSHion".