CVE-2024-45276
Files or Directories Accessible to External Parties (CWE-552)
Published: Oct 15, 2024 / Updated: 35d ago
010
CVSS 7.5EPSS 0.09%High
CVE info copied to clipboard
An unauthenticated remote attacker can get read access to files in the "/tmp" directory due to missing authentication.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Timeline
First Article
Feedly found the first article mentioning CVE-2024-45276. See article
Oct 15, 2024 at 10:37 AM / CERT@VDE
CVSS Estimate
Feedly estimated the CVSS score as MEDIUM
Oct 15, 2024 at 10:54 AM
CVE Assignment
NVD published the first details for CVE-2024-45276
Oct 15, 2024 at 11:15 AM
CVSS
A CVSS base score of 7.5 has been assigned.
Oct 15, 2024 at 11:20 AM / nvd
CVSS Estimate
Feedly estimated the CVSS score as HIGH
Oct 15, 2024 at 11:31 AM
CVSS Estimate
Feedly estimated the CVSS score as MEDIUM
Oct 15, 2024 at 11:34 AM
EPSS
EPSS Score was set to: 0.09% (Percentile: 37.8%)
Oct 16, 2024 at 9:57 AM
Affected Systems
Mbconnectline/mbnet.mini_firmware
+null more
Links to Mitre Att&cks
T1119: Automated Collection
+null more
Attack Patterns
CAPEC-150: Collect Data from Common Resource Locations
+null more
News
Germany’s CERT@VDE reports critical flaws in mbNET.mini and Helmholz industrial routers
Germany’s CERT@VDE is reporting several critical and high-severity vulnerabilities in industrial routers, affecting the mbNET.mini from MB Connect Line and Helmholz's REX100 . CVE-2024-45274 (CVSS score 9.8) - Allows unauthenticated remote attackers to execute arbitrary OS commands due to missing authentication.
Critical Vulnerabilities Found in mbNET.mini Industrial Routers Could Allow for Full System Takeover
Summary: A security advisory from CERT@VDE has disclosed multiple critical vulnerabilities in the mbNET.mini industrial router, which could allow remote code execution and unauthorized access to industrial systems. The router, produced by MB connect line, is essential for managing devices remotely, but these new vulnerabilities have exposed significant risks, allowing for remote code execution (RCE) and unauthorized access.
Critical Vulnerabilities Found in mbNET.mini Industrial Routers Could Allow for Full System Takeover
The router, produced by MB connect line, is essential for managing devices remotely, but these new vulnerabilities have exposed significant risks, allowing for remote code execution (RCE) and unauthorized access. CVE-2024-45276 (CVSS 7.5): Attackers can gain unauthorized read access to files stored in the “/tmp” directory, potentially leaking sensitive data.
Helmholz REX100 Industrial Routers Found Vulnerable to Critical Security Exploits [ics] [net]
Vulnerabilities in Helmholz REX100 industrial routers allow unauthorized access and remote code execution, with firmware version 2.3.1 released to address the issues.
High - CVE-2024-45276 - An unauthenticated remote attacker can get read...
An unauthenticated remote attacker can get read access to files in the "/tmp" directory due to missing authentication.
See 9 more articles and social media posts