CVE-2023-34412

A vulnerability in Red Lion Europe mbNET/mbNET.rokey and Helmholz REX 200 and REX 250 devices with firmware lower 7.3.2 allows an authenticated remote attacker with high privileges to inject malicious HTML or JavaScript code (XSS).

CVSS v3 4.8 MEDIUM

4.8^/10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 1.7 / Impact : 2.7

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required HIGH

User Interaction REQUIRED

Confidentiality Impact LOW

Integrity Impact LOW

Availability Impact NONE

Scope CHANGED

References

Link	Resource
https://cert.vde.com/en/advisories/VDE-2023-012/	Third Party Advisory
https://cert.vde.com/en/advisories/VDE-2023-029/	Third Party Advisory
https://cert.vde.com/en/advisories/VDE-2023-012/	Third Party Advisory
https://cert.vde.com/en/advisories/VDE-2023-029/	Third Party Advisory

Configurations

Configuration 1 (hide)

AND

cpe:2.3:o:helmholz:rex_250_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:helmholz:rex_250:-:*:*:*:*:*:*:*

Configuration 2 (hide)

AND

cpe:2.3:o:helmholz:rex_200_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:helmholz:rex_200:-:*:*:*:*:*:*:*

Configuration 3 (hide)

AND

cpe:2.3:o:redlion:mbnet.rokey_rkh_210_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:redlion:mbnet.rokey_rkh_210:-:*:*:*:*:*:*:*

Configuration 4 (hide)

AND

cpe:2.3:o:redlion:mbnet.rokey_rkh_216_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:redlion:mbnet.rokey_rkh_216:-:*:*:*:*:*:*:*

Configuration 5 (hide)

AND

cpe:2.3:o:redlion:mbnet.rokey_rkh_235_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:redlion:mbnet.rokey_rkh_235:-:*:*:*:*:*:*:*

Configuration 6 (hide)

AND

cpe:2.3:o:redlion:mbnet.rokey_rkh_259_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:redlion:mbnet.rokey_rkh_259:-:*:*:*:*:*:*:*

Configuration 7 (hide)

AND

cpe:2.3:o:redlion:mbnet_mdh_811_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:redlion:mbnet_mdh_811:-:*:*:*:*:*:*:*

Configuration 8 (hide)

AND

cpe:2.3:o:redlion:mbnet_mdh_850_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:redlion:mbnet_mdh_850:-:*:*:*:*:*:*:*

Configuration 9 (hide)

AND

cpe:2.3:o:redlion:mbnet_mdh_871_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:redlion:mbnet_mdh_871:-:*:*:*:*:*:*:*

Configuration 10 (hide)

AND

cpe:2.3:o:redlion:mbnet_mdh_831_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:redlion:mbnet_mdh_831:-:*:*:*:*:*:*:*

Configuration 11 (hide)

AND

cpe:2.3:o:redlion:mbnet_mdh_855_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:redlion:mbnet_mdh_855:-:*:*:*:*:*:*:*

Configuration 12 (hide)

AND

cpe:2.3:o:redlion:mbnet_mdh_876_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:redlion:mbnet_mdh_876:-:*:*:*:*:*:*:*

Configuration 13 (hide)

AND

cpe:2.3:o:redlion:mbnet_mdh_858_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:redlion:mbnet_mdh_858:-:*:*:*:*:*:*:*

Configuration 14 (hide)

AND

cpe:2.3:o:redlion:mbnet_mdh_816_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:redlion:mbnet_mdh_816:-:*:*:*:*:*:*:*

Configuration 15 (hide)

AND

cpe:2.3:o:redlion:mbnet_mdh_841_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:redlion:mbnet_mdh_841:-:*:*:*:*:*:*:*

Configuration 16 (hide)

AND

cpe:2.3:o:redlion:mbnet_mdh_859_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:redlion:mbnet_mdh_859:-:*:*:*:*:*:*:*

Configuration 17 (hide)

AND

cpe:2.3:o:redlion:mbnet_mdh_835_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:redlion:mbnet_mdh_835:-:*:*:*:*:*:*:*

History

No history.

Information

Published : 2023-08-17 14:15

Updated : 2024-11-21 08:07

NVD link : CVE-2023-34412

Mitre link : CVE-2023-34412

CVE.ORG link : CVE-2023-34412

JSON object : View

Products Affected

redlion

mbnet_mdh_816_firmware
mbnet_mdh_841_firmware
mbnet_mdh_871_firmware
mbnet_mdh_859_firmware
mbnet_mdh_858
mbnet_mdh_811
mbnet_mdh_841
mbnet.rokey_rkh_216
mbnet.rokey_rkh_216_firmware
mbnet_mdh_876
mbnet_mdh_831
mbnet_mdh_858_firmware
mbnet_mdh_850_firmware
mbnet_mdh_835
mbnet_mdh_859
mbnet_mdh_816
mbnet.rokey_rkh_259_firmware
mbnet.rokey_rkh_210_firmware
mbnet.rokey_rkh_235
mbnet.rokey_rkh_259
mbnet_mdh_871
mbnet_mdh_831_firmware
mbnet_mdh_835_firmware
mbnet_mdh_850
mbnet_mdh_855_firmware
mbnet_mdh_876_firmware
mbnet.rokey_rkh_210
mbnet_mdh_855
mbnet.rokey_rkh_235_firmware
mbnet_mdh_811_firmware

helmholz

rex_250_firmware
rex_200
rex_200_firmware
rex_250

CWE

CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

4.8 /10