Mbconnectline Mymbconnect24

38 CVEs affecting Mbconnectline Mymbconnect24. Latest disclosed: 2026-04-02. Critical: 3, High: 13.

Top CVEs affecting Mbconnectline Mymbconnect24
CVESeverityScorePublishedSummary
CVE-2020-35565Critical9.82021-02-16An issue was discovered in MB CONNECT LINE mymbCONNECT24 and mbCONNECT24 through 2.6.2. The login pages bruteforce detection is disabled by default.
CVE-2020-10383Critical9.82020-04-14An issue was discovered in the MB CONNECT LINE mymbCONNECT24 and mbCONNECT24 software in all versions through 2.5.0. There is an unauthenticated remote code ex…
CVE-2026-33615Critical9.12026-04-02An unauthenticated remote attacker can exploit an unauthenticated SQL Injection vulnerability in the setinfo endpoint due to improper neutralization of special…
CVE-2023-0985High8.82023-06-06An Authorization Bypass vulnerability was found in MB Connect Lines mbCONNECT24, mymbCONNECT24 and Helmholz' myREX24 and myREX24.virtual version <= 2.13.3. An…
CVE-2020-10382High8.82020-04-14An issue was discovered in the MB CONNECT LINE mymbCONNECT24 and mbCONNECT24 software in all versions through 2.5.0. There is an authenticated remote code exec…
CVE-2024-45273High8.42024-10-15An unauthenticated local attacker can decrypt the devices config file and therefore compromise the device due to a weak implementation of the encryption used.
CVE-2020-35567High7.82021-02-16An issue was discovered in MB CONNECT LINE mymbCONNECT24 and mbCONNECT24 through 2.6.2. The software uses a secure password for database access, but this passw…
CVE-2020-10384High7.82020-04-14An issue was discovered in the MB CONNECT LINE mymbCONNECT24 and mbCONNECT24 software in all versions through 2.6.1. There is a local privilege escalation from…
CVE-2026-33616High7.52026-04-02An unauthenticated remote attacker can exploit an unauthenticated blind SQL Injection vulnerability in the mb24api endpoint due to improper neutralization of s…
CVE-2026-33614High7.52026-04-02An unauthenticated remote attacker can exploit an unauthenticated SQL Injection vulnerability in the getinfo endpoint due to improper neutralization of special…
CVE-2024-45272High7.52024-10-15An unauthenticated remote attacker can perform a brute-force attack on the credentials of the remote service portal with a high chance of success, resulting in…
CVE-2021-34580High7.52021-10-27In mymbCONNECT24, mbCONNECT24 <= 2.9.0 an unauthenticated user can enumerate valid backend users by checking what kind of response the server sends for crafted…
CVE-2021-34575High7.52021-08-02In MB connect line mymbCONNECT24, mbCONNECT24 in versions <= 2.8.0 an unauthenticated user can enumerate valid users by checking what kind of response the serv…
CVE-2020-35564High7.52021-02-16An issue was discovered in MB CONNECT LINE mymbCONNECT24 and mbCONNECT24 through 2.6.2. There is an outdated and unused component allowing for malicious user i…
CVE-2020-35558High7.52021-02-16An issue was discovered in MB connect line mymbCONNECT24, mbCONNECT24 and Helmholz myREX24 and myREX24.virtual through 2.11.2. There is an SSRF in the in the M…
CVE-2026-33613High7.22026-04-02Due to the improper neutralisation of special elements used in an OS command, a remote attacker can exploit an RCE vulnerability in the generateSrpArray functi…
CVE-2020-12528Medium6.52021-03-02An issue was discovered in MB connect line mymbCONNECT24 and mbCONNECT24 software in all versions through V2.6.2. Improper use of access validation allows a lo…
CVE-2020-12527Medium6.52021-03-02An issue was discovered in MB connect line mymbCONNECT24, mbCONNECT24 and Helmholz myREX24 and myREX24.virtual in all versions through v2.11.2. Improper access…
CVE-2020-35557Medium6.52021-02-16An issue in MB connect line mymbCONNECT24, mbCONNECT24 and Helmholz myREX24 and myREX24.virtual in all versions through v2.11.2 allows a logged in user to see…
CVE-2020-24568Medium6.52020-10-02An issue was discovered in MB CONNECT LINE mymbCONNECT24 and mbCONNECT24 through 2.6.1. There is a blind SQL injection in the lancompenent component, allowing…