Mbconnectline Mbconnect24
38 CVEs affecting Mbconnectline Mbconnect24. Latest disclosed: 2026-04-02. Critical: 3, High: 13.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
CVE-2020-35565 | Critical | 9.8 | 2021-02-16 | An issue was discovered in MB CONNECT LINE mymbCONNECT24 and mbCONNECT24 through 2.6.2. The login pages bruteforce detection is disabled by default. |
CVE-2020-10383 | Critical | 9.8 | 2020-04-14 | An issue was discovered in the MB CONNECT LINE mymbCONNECT24 and mbCONNECT24 software in all versions through 2.5.0. There is an unauthenticated remote code ex… |
CVE-2026-33615 | Critical | 9.1 | 2026-04-02 | An unauthenticated remote attacker can exploit an unauthenticated SQL Injection vulnerability in the setinfo endpoint due to improper neutralization of special… |
CVE-2023-0985 | High | 8.8 | 2023-06-06 | An Authorization Bypass vulnerability was found in MB Connect Lines mbCONNECT24, mymbCONNECT24 and Helmholz' myREX24 and myREX24.virtual version <= 2.13.3. An… |
CVE-2020-10382 | High | 8.8 | 2020-04-14 | An issue was discovered in the MB CONNECT LINE mymbCONNECT24 and mbCONNECT24 software in all versions through 2.5.0. There is an authenticated remote code exec… |
CVE-2024-45273 | High | 8.4 | 2024-10-15 | An unauthenticated local attacker can decrypt the devices config file and therefore compromise the device due to a weak implementation of the encryption used. |
CVE-2020-35567 | High | 7.8 | 2021-02-16 | An issue was discovered in MB CONNECT LINE mymbCONNECT24 and mbCONNECT24 through 2.6.2. The software uses a secure password for database access, but this passw… |
CVE-2020-10384 | High | 7.8 | 2020-04-14 | An issue was discovered in the MB CONNECT LINE mymbCONNECT24 and mbCONNECT24 software in all versions through 2.6.1. There is a local privilege escalation from… |
CVE-2026-33616 | High | 7.5 | 2026-04-02 | An unauthenticated remote attacker can exploit an unauthenticated blind SQL Injection vulnerability in the mb24api endpoint due to improper neutralization of s… |
CVE-2026-33614 | High | 7.5 | 2026-04-02 | An unauthenticated remote attacker can exploit an unauthenticated SQL Injection vulnerability in the getinfo endpoint due to improper neutralization of special… |
CVE-2024-45272 | High | 7.5 | 2024-10-15 | An unauthenticated remote attacker can perform a brute-force attack on the credentials of the remote service portal with a high chance of success, resulting in… |
CVE-2021-34580 | High | 7.5 | 2021-10-27 | In mymbCONNECT24, mbCONNECT24 <= 2.9.0 an unauthenticated user can enumerate valid backend users by checking what kind of response the server sends for crafted… |
CVE-2021-34575 | High | 7.5 | 2021-08-02 | In MB connect line mymbCONNECT24, mbCONNECT24 in versions <= 2.8.0 an unauthenticated user can enumerate valid users by checking what kind of response the serv… |
CVE-2020-35564 | High | 7.5 | 2021-02-16 | An issue was discovered in MB CONNECT LINE mymbCONNECT24 and mbCONNECT24 through 2.6.2. There is an outdated and unused component allowing for malicious user i… |
CVE-2020-35558 | High | 7.5 | 2021-02-16 | An issue was discovered in MB connect line mymbCONNECT24, mbCONNECT24 and Helmholz myREX24 and myREX24.virtual through 2.11.2. There is an SSRF in the in the M… |
CVE-2026-33613 | High | 7.2 | 2026-04-02 | Due to the improper neutralisation of special elements used in an OS command, a remote attacker can exploit an RCE vulnerability in the generateSrpArray functi… |
CVE-2020-12528 | Medium | 6.5 | 2021-03-02 | An issue was discovered in MB connect line mymbCONNECT24 and mbCONNECT24 software in all versions through V2.6.2. Improper use of access validation allows a lo… |
CVE-2020-12527 | Medium | 6.5 | 2021-03-02 | An issue was discovered in MB connect line mymbCONNECT24, mbCONNECT24 and Helmholz myREX24 and myREX24.virtual in all versions through v2.11.2. Improper access… |
CVE-2020-35557 | Medium | 6.5 | 2021-02-16 | An issue in MB connect line mymbCONNECT24, mbCONNECT24 and Helmholz myREX24 and myREX24.virtual in all versions through v2.11.2 allows a logged in user to see… |
CVE-2020-24568 | Medium | 6.5 | 2020-10-02 | An issue was discovered in MB CONNECT LINE mymbCONNECT24 and mbCONNECT24 through 2.6.1. There is a blind SQL injection in the lancompenent component, allowing… |