Volerion logoVolerion
Volerion logoVolerion

MB Connect Line Cloud API Authentication Vulnerability in mbCONNECT24 and mymbCONNECT24

Vulnerability

A vulnerability exists in MB Connect Line's cloud API, allowing unauthenticated remote access due to inadequate authentication for a critical function in affected devices. This issue is present in mbCONNECT24 and mymbCONNECT24 versions prior to 2.16.2, as well as in mbNET and mbNET.rokey versions prior to 8.2.0. The vulnerability could lead to a complete loss of confidentiality and integrity for individual devices or the entire service.

Impact

Exploitation of this vulnerability could result in unauthorized access to the cloud API, allowing for potential manipulation or interception of data, thereby compromising the confidentiality and integrity of the affected devices or services.

Remediation

Users of mbCONNECT24 and mymbCONNECT24 should update to version 2.16.2. For mbNET and mbNET.rokey devices, those on firmware versions 8.0.0 to 8.1.3 should update to version 8.2.0 or later.

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm
spread
0.0
impact
5.0
exploitability
4.7
remediation
7.7
relevance
0.0
threat
0.0
urgency
2.9
incentive
1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.