VDE-2025-069
July 31, 2025, 12:00 PM
An authenticated remote attacker can exploit an undocumented method to escape the LUA sandbox in REX200/250 devices, enabling the execution of arbitrary operating system commands and leading to full system …
VDE-2025-059
July 21, 2025, 12:00 PM
Multiple vulnerabilities in all REX 100 devices with firmware <= 2.3.2 that allow an attacker to gain full control over the device.
VDE-2025-038
June 24, 2025, 12:00 PM
Two vulnerabilities in myREX24/myREX24.virtual can lead to user enumeration an password bypass.
VDE-2025-037
June 24, 2025, 12:00 PM
The mb24api endpoint reachable when connected via VPN is missing authentication for sensitive functions. This can lead to information disclosure of user- and device names and to DoS.
VDE-2024-031
May 14, 2025, 3:00 PM
The data24 service that is bundled with every installation of myREX24 V2/myREX24.virtual has two serious flaws in core components. These combined can lead to a complete loss of confidentiality, integrity …
VDE-2024-069
Nov. 6, 2024, 12:27 PM
Multiple vulnerabilities have been discovered in Helmholz products that could allow RCE or unauthorized file access. CVE-2024-45272 affects the myREX24 V2 and myREX24.virtual products, while CVE-2024-45273 affects the REX200/250, myREX24 …
VDE-2024-066
Aug. 27, 2025, 12:00 PM
Multiple vulnerabilities have been discovered in REX100 allowing for RCE or unauthorized file access.
VDE-2024-044
May 14, 2025, 2:28 PM
Several Helmholz products are vulnerable to a possible race condition vulnerability in OpenSSH named "regreSSHion".