MB Connect Line and Helmholz myREX24 Products Missing Authentication Vulnerability Allowing Information Disclosure and Denial-of-Service

Vulnerability

A vulnerability exists in MB Connect Line's mbCONNECT24 and mymbCONNECT24 products, as well as in Helmholz's myREX24 and myREX24.virtual applications, all versions prior to 2.18.0. The issue arises from the mb24api endpoint, which, when accessed via VPN, lacks proper authentication for sensitive functions. This flaw enables unauthenticated remote attackers to access limited sensitive information, such as user and device names, and to perform denial-of-service attacks targeting specific users or devices.

Impact

Exploitation of this vulnerability allows for unauthorized access to limited sensitive information and the ability to disrupt service for a specific user or device.

Remediation

Users are advised to update to the latest version, 2.18.0.

Added: Jun 24, 2025, 8:23 AM
Updated: Jun 24, 2025, 8:23 AM

Vulnerability Rating

Custom Algorithm

Spread: 0.3
Impact: 3.1
Exploitability: 7.0
Remediation: 7.7
Relevance: 0.2
Threat: 0.0
Urgency: 2.9
Incentive: 5.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.