MB Connect Line mbCONNECT24 and mymbCONNECT24 Unencrypted Sensitive Data Vulnerability Allowing Impersonation and Denial-of-Service

Vulnerability

A vulnerability exists in MB connect line's mbCONNECT24 and mymbCONNECT24 services, affecting versions prior to 2.16.2. A local user may discover an unencrypted configuration file containing sensitive data on the client workstation. This exposure allows an attacker to impersonate the device or disrupt its connection to the cloud portal, causing a denial-of-service.

Impact

Exploitation of this vulnerability enables an attacker to impersonate the device whose configuration file has been accessed. This impersonation can disrupt the device's connection to the cloud portal, leading to a denial-of-service.

Remediation

Users can address this vulnerability by updating to the latest version, 2.16.2. mbNET and mbNET.rokey devices running firmware versions 8.0.0 to 8.1.3 should be updated to version 8.2.0 or later.

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm
spread: 0.0
impact: 1.3
exploitability: 3.3
remediation: 7.9
relevance: 0.0
threat: 0.0
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.