Helmholz Myrex24.virtual
11 CVEs affecting Helmholz Myrex24.virtual. Latest disclosed: 2025-06-24. Critical: 0, High: 6.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
CVE-2023-0985 | High | 8.8 | 2023-06-06 | An Authorization Bypass vulnerability was found in MB Connect Lines mbCONNECT24, mymbCONNECT24 and Helmholz' myREX24 and myREX24.virtual version <= 2.13.3. An… |
CVE-2024-45273 | High | 8.4 | 2024-10-15 | An unauthenticated local attacker can decrypt the devices config file and therefore compromise the device due to a weak implementation of the encryption used. |
CVE-2025-3090 | High | 8.2 | 2025-06-24 | An unauthenticated remote attacker can obtain limited sensitive information and/or DoS the device due to missing authentication for critical function. |
CVE-2025-3092 | High | 7.5 | 2025-06-24 | An unauthenticated remote attacker can enumerate valid user names from an unprotected endpoint. |
CVE-2025-3091 | High | 7.5 | 2025-06-24 | An low privileged remote attacker in possession of the second factor for another user can login as that user without knowledge of the other user`s password. |
CVE-2024-45272 | High | 7.5 | 2024-10-15 | An unauthenticated remote attacker can perform a brute-force attack on the credentials of the remote service portal with a high chance of success, resulting in… |
CVE-2020-12527 | Medium | 6.5 | 2021-03-02 | An issue was discovered in MB connect line mymbCONNECT24, mbCONNECT24 and Helmholz myREX24 and myREX24.virtual in all versions through v2.11.2. Improper access… |
CVE-2022-22520 | Medium | 5.3 | 2022-09-14 | A remote, unauthenticated attacker can enumerate valid users by sending specific requests to the webservice of MB connect line mymbCONNECT24, mbCONNECT24 and H… |
CVE-2023-4834 | Medium | 4.3 | 2023-10-16 | In Red Lion Europe mbCONNECT24 and mymbCONNECT24 and Helmholz myREX24 and myREX24.virtual up to and including 2.14.2 an improperly implemented access validatio… |
CVE-2023-1779 | Medium | 4.3 | 2023-06-06 | Exposure of Sensitive Information to an unauthorized actor vulnerability in MB Connect Lines mbCONNECT24, mymbCONNECT24 and Helmholz' myREX24 and myREX24.virtu… |
CVE-2021-34574 | Medium | 4.3 | 2021-08-02 | In MB connect line mymbCONNECT24, mbCONNECT24 and Helmholz myREX24 and myREX24.virtual in all versions through v2.11.2 an authenticated attacker can change the… |