cvebase

Mb Connect Line Mbconnect24 vulnerabilities

63 known vulnerabilities affecting mb_connect_line/mbconnect24.

Total CVEs: 63
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: CRITICAL 2, HIGH 28, MEDIUM 33

Vulnerabilities

Page 1 of 4
CVE-2024-23943 | P2 | CRITICAL | CVSS 9.1 | fixed in 2.16.2 | 2025-03-18
CWE-306: An unauthenticated remote attacker can gain access to the cloud API due to a lack of authentication for a critical function in the affected devices. Availability is not affected.
nvd
CVE-2026-33613 | P2 | HIGH | CVSS 8.8 | ≥ 0.0.0, ≤ 2.19.4 | 2026-04-02
CWE-78: Due to the improper neutralisation of special elements used in an OS command, a remote attacker can exploit an RCE vulnerability in the generateSrpArray function, resulting in full system compromise. This vulnerability can only be attacked if the attacker has some other way to write arbitrary data to the user table.
nvd
CVE-2026-33615 | P2 | CRITICAL | CVSS 9.1 | ≥ 0.0.0, ≤ 2.19.4 | 2026-04-02
CWE-89: An unauthenticated remote attacker can exploit an unauthenticated SQL Injection vulnerability in the setinfo endpoint due to improper neutralization of special elements in a SQL UPDATE command. This can result in a total loss of integrity and availability.
nvd
CVE-2023-0985 | P3 | HIGH | CVSS 8.8 | ≥ 1.0.0, ≤ 2.13.3 | 2023-06-06
CWE-639: An Authorization Bypass vulnerability was found in MB Connect Line's mbCONNECT24, mymbCONNECT24 and Helmholz' myREX24 and myREX24.virtual version <= 2.13.3. An authenticated remote user with low privileges can change the password of any user in the same account. This allows taking over the admin user and therefore fully compromising the account.
nvd
CVE-2026-40850 | P3 | HIGH | CVSS 7.5 | ≥ 0.0.0, ≤ 2.20.0 | v2.20.0 | 2026-05-27
CWE-89: An unauthenticated remote attacker can exploit an unauthenticated SQL Injection vulnerability in the getAccountData function due to improper neutralization of special elements in a SQL SELECT command. This can result in a total loss of confidentiality.
nvd
CVE-2026-33614 | P3 | HIGH | CVSS 7.5 | ≥ 0.0.0, ≤ 2.19.4 | 2026-04-02
CWE-89: An unauthenticated remote attacker can exploit an unauthenticated SQL Injection vulnerability in the getinfo endpoint due to improper neutralization of special elements in a SQL SELECT command. This can result in a total loss of confidentiality.
nvd
CVE-2026-33616 | P3 | HIGH | CVSS 7.5 | ≥ 0.0.0, ≤ 2.19.4 | 2026-04-02
CWE-89: An unauthenticated remote attacker can exploit an unauthenticated blind SQL Injection vulnerability in the mb24api endpoint due to improper neutralization of special elements in a SQL SELECT command. This can result in a total loss of confidentiality.
nvd
CVE-2026-40810 | P3 | HIGH | CVSS 7.5 | ≥ 0.0.0, ≤ 2.20.0 | v2.20.0 | 2026-05-27
CWE-89: An unauthenticated remote attacker can exploit an unauthenticated SQL Injection vulnerability in the userinfo endpoint due to improper neutralization of special elements in a SQL SELECT command. This can result in a total loss of confidentiality.
nvd
CVE-2026-40813 | P3 | HIGH | CVSS 7.5 | ≥ 0.0.0, ≤ 2.20.0 | v2.20.0 | 2026-05-27
CWE-89: An unauthenticated remote attacker can exploit an unauthenticated SQL Injection vulnerability in the getLiveValues function's tagid parameter due to improper neutralization of special elements in a SQL SELECT command. This can result in a total loss of confidentiality.
nvd
CVE-2026-40816 | P3 | HIGH | CVSS 7.5 | ≥ 0.0.0, ≤ 2.20.0 | v2.20.0 | 2026-05-27
CWE-89: An unauthenticated remote attacker can exploit an unauthenticated SQL Injection vulnerability in the mb24alarm.php file's _mb24confi_getTagAlarm function due to improper neutralization of special elements in a SQL SELECT command. This can result in a total loss of confidentiality.
nvd
CVE-2026-40815 | P3 | HIGH | CVSS 7.5 | ≥ 0.0.0, ≤ 2.20.0 | v2.20.0 | 2026-05-27
CWE-89: An unauthenticated remote attacker can exploit an unauthenticated SQL Injection vulnerability in the _mb24api_getUserAccount function due to improper neutralization of special elements in a SQL SELECT command. This can result in a total loss of confidentiality.
nvd
CVE-2026-40814 | P3 | HIGH | CVSS 7.5 | ≥ 0.0.0, ≤ 2.20.0 | v2.20.0 | 2026-05-27
CWE-89: An unauthenticated remote attacker can exploit an unauthenticated SQL Injection vulnerability in the dataapi.php file's _mb24confi_getTagAlarm function due to improper neutralization of special elements in a SQL SELECT command. This can result in a total loss of confidentiality.
nvd
CVE-2026-40818 | P3 | HIGH | CVSS 7.5 | ≥ 0.0.0, ≤ 2.20.0 | v2.20.0 | 2026-05-27
CWE-89: An unauthenticated remote attacker can exploit an unauthenticated SQL Injection vulnerability in the _mb24confi_getDevice function due to improper neutralization of special elements in a SQL SELECT command. This can result in a total loss of confidentiality.
nvd
CVE-2026-40812 | P3 | HIGH | CVSS 7.5 | ≥ 0.0.0, ≤ 2.20.0 | v2.20.0 | 2026-05-27
CWE-89: An unauthenticated remote attacker can exploit an unauthenticated SQL Injection vulnerability in the getLiveValues function's sn parameter due to improper neutralization of special elements in a SQL SELECT command. This can result in a total loss of confidentiality.
nvd
CVE-2026-40811 | P3 | HIGH | CVSS 7.5 | ≥ 0.0.0, ≤ 2.20.0 | v2.20.0 | 2026-05-27
CWE-89: An unauthenticated remote attacker can exploit an unauthenticated SQL Injection vulnerability in the ssoabstractservice due to improper neutralization of special elements in a SQL SELECT command. This can result in a total loss of confidentiality.
nvd
CVE-2026-40817 | P3 | HIGH | CVSS 7.5 | ≥ 0.0.0, ≤ 2.20.0 | v2.20.0 | 2026-05-27
CWE-89: An unauthenticated remote attacker can exploit an unauthenticated SQL Injection vulnerability in the getAlarmProfiles function due to improper neutralization of special elements in a SQL SELECT command. This can result in a total loss of confidentiality.
nvd
CVE-2026-40819 | P3 | HIGH | CVSS 7.5 | ≥ 0.0.0, ≤ 2.20.0 | v2.20.0 | 2026-05-27
CWE-89: An unauthenticated remote attacker can exploit an unauthenticated SQL Injection vulnerability in the sync_data24 task due to improper neutralization of special elements in a SQL SELECT command. This can result in a total loss of confidentiality.
nvd
CVE-2025-3092 | P3 | HIGH | CVSS 7.5 | fixed in 2.16.5 | 2025-06-24
CWE-204: An unauthenticated remote attacker can enumerate valid user names from an unprotected endpoint.
nvd
CVE-2025-3090 | P3 | HIGH | CVSS 8.2 | fixed in 2.18.0 | 2025-06-24
CWE-306: An unauthenticated remote attacker can obtain limited sensitive information and/or DoS the device due to missing authentication for a critical function.
nvd
CVE-2025-3091 | P3 | HIGH | CVSS 7.5 | fixed in 2.16.5 | 2025-06-24
CWE-639: A low-privileged remote attacker in possession of the second factor for another user can log in as that user without knowledge of the other user's password.
nvd