CVE-2024-23943

MB connect line: Cloud API access due to a lack of authentication for a critical function

CVSS 9.1 CRITICALEPSS 0.6%CWE-306

An unauthenticated remote attacker can gain access to the cloud API due to a lack of authentication for a critical function in the affected devices. Availability is not affected.

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

Produtos afetados

MB connect line · mbCONNECT24 MB connect line · mbNET MB connect line · mbNET.rokey MB connect line · mymbCONNECT24

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →

Referências

https://cert.vde.com/en/advisories/VDE-2024-010