MB Connect Line: Multiple vulnerabilities in mbConnect24 and mymbConnect24

VDE-2023-002

Last update

05/14/2025 15:00

Published at

05/15/2023 16:06

Vendor(s)

MB connect line GmbH

External ID

vde-2023-002

CSAF Document

Download

Summary

Two vulnerabilites have been discovered in mbCONNECT24 and mbCONNECT24 in all versions through 2.13.3.

Impact

Please consult the CVE Entries.

Affected Product(s)

Model no.	Product name	Affected versions
	mbCONNECT24	Firmware <=2.13.3
	mymbCONNECT24	Firmware <=2.13.3

Vulnerabilities

Expand / Collapse all

Published

09/24/2025 12:42

Severity

8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Weakness

Authorization Bypass Through User-Controlled Key (CWE-639)

References

cve.org | nvd.nist.gov

Published

09/24/2025 12:42

Severity

4.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Weakness

Exposure of Sensitive Information to an Unauthorized Actor (CWE-200)

References

cve.org | nvd.nist.gov

Mitigation

For CVE-2023-0985: If you have MFA enabled on the admin user, the password will still be set, but the attacker will be unable to login as the MFA is still in place.

Remediation

Update to latest Version: 2.13.4

Acknowledgments

MB connect line GmbH thanks the following parties for their efforts:

CERTVDE for coordination (see https://certvde.com )
Helmholz GmbH & Co. KG for reporting (see https://www.helmholz.de )
Hussein Alsharafi from for reporting

Revision History

Version	Date	Summary
1	05/15/2023 16:06	initial revision
2	05/14/2025 15:00	Fix: added distribution