CVE-2023-34412 - Vulnerability Details

A vulnerability in Red Lion Europe mbNET/mbNET.rokey and Helmholz REX 200 and REX 250 devices with firmware lower 7.3.2 allows an
authenticated remote attacker with high privileges to inject malicious HTML or JavaScript code (XSS).

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required High

Scope Changed

Confidentiality Impact Low

Integrity Impact Low

Availability Impact None

User Interaction Required

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.00038.

Key SSVC decision points have not yet been added.

Vendors	Products
Helmholz	Rex 200 Rex 200 Firmware Rex 250 Rex 250 Firmware
Redlion	Mbnet.rokey Rkh 210 Mbnet.rokey Rkh 210 Firmware Mbnet.rokey Rkh 216 Mbnet.rokey Rkh 216 Firmware Mbnet.rokey Rkh 235 Mbnet.rokey Rkh 235 Firmware Mbnet.rokey Rkh 259 Mbnet.rokey Rkh 259 Firmware Mbnet Mdh 811 Mbnet Mdh 811 Firmware Mbnet Mdh 816 Mbnet Mdh 816 Firmware Mbnet Mdh 831 Mbnet Mdh 831 Firmware Mbnet Mdh 835 Mbnet Mdh 835 Firmware Mbnet Mdh 841 Mbnet Mdh 841 Firmware Mbnet Mdh 850 Mbnet Mdh 850 Firmware Mbnet Mdh 855 Mbnet Mdh 855 Firmware Mbnet Mdh 858 Mbnet Mdh 858 Firmware Mbnet Mdh 859 Mbnet Mdh 859 Firmware Mbnet Mdh 871 Mbnet Mdh 871 Firmware Mbnet Mdh 876 Mbnet Mdh 876 Firmware

Configuration 1 [-]

AND

cpe:2.3:o:helmholz:rex_250_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:helmholz:rex_250:-:*:*:*:*:*:*:*

Configuration 2 [-]

AND

cpe:2.3:o:helmholz:rex_200_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:helmholz:rex_200:-:*:*:*:*:*:*:*

Configuration 3 [-]

AND

cpe:2.3:o:redlion:mbnet.rokey_rkh_210_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:redlion:mbnet.rokey_rkh_210:-:*:*:*:*:*:*:*

Configuration 4 [-]

AND

cpe:2.3:o:redlion:mbnet.rokey_rkh_216_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:redlion:mbnet.rokey_rkh_216:-:*:*:*:*:*:*:*

Configuration 5 [-]

AND

cpe:2.3:o:redlion:mbnet.rokey_rkh_235_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:redlion:mbnet.rokey_rkh_235:-:*:*:*:*:*:*:*

Configuration 6 [-]

AND

cpe:2.3:o:redlion:mbnet.rokey_rkh_259_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:redlion:mbnet.rokey_rkh_259:-:*:*:*:*:*:*:*

Configuration 7 [-]

AND

cpe:2.3:o:redlion:mbnet_mdh_811_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:redlion:mbnet_mdh_811:-:*:*:*:*:*:*:*

Configuration 8 [-]

AND

cpe:2.3:o:redlion:mbnet_mdh_850_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:redlion:mbnet_mdh_850:-:*:*:*:*:*:*:*

Configuration 9 [-]

AND

cpe:2.3:o:redlion:mbnet_mdh_871_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:redlion:mbnet_mdh_871:-:*:*:*:*:*:*:*

Configuration 10 [-]

AND

cpe:2.3:o:redlion:mbnet_mdh_831_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:redlion:mbnet_mdh_831:-:*:*:*:*:*:*:*

Configuration 11 [-]

AND

cpe:2.3:o:redlion:mbnet_mdh_855_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:redlion:mbnet_mdh_855:-:*:*:*:*:*:*:*

Configuration 12 [-]

AND

cpe:2.3:o:redlion:mbnet_mdh_876_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:redlion:mbnet_mdh_876:-:*:*:*:*:*:*:*

Configuration 13 [-]

AND

cpe:2.3:o:redlion:mbnet_mdh_858_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:redlion:mbnet_mdh_858:-:*:*:*:*:*:*:*

Configuration 14 [-]

AND

cpe:2.3:o:redlion:mbnet_mdh_816_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:redlion:mbnet_mdh_816:-:*:*:*:*:*:*:*

Configuration 15 [-]

AND

cpe:2.3:o:redlion:mbnet_mdh_841_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:redlion:mbnet_mdh_841:-:*:*:*:*:*:*:*

Configuration 16 [-]

AND

cpe:2.3:o:redlion:mbnet_mdh_859_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:redlion:mbnet_mdh_859:-:*:*:*:*:*:*:*

Configuration 17 [-]

AND

cpe:2.3:o:redlion:mbnet_mdh_835_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:redlion:mbnet_mdh_835:-:*:*:*:*:*:*:*

No data.

References

Link	Providers
https://cert.vde.com/en/advisories/VDE-2023-012/
https://cert.vde.com/en/advisories/VDE-2023-029/

History

No history.

MITRE

Status: PUBLISHED

Assigner: CERTVDE

Published: 2023-08-17T13:07:01.697Z

Updated: 2024-08-02T16:10:06.979Z

Reserved: 2023-06-05T12:05:57.451Z

Link: CVE-2023-34412

Vulnrichment

No data.

NVD

Status : Modified

Published: 2023-08-17T14:15:09.700

Modified: 2024-11-21T08:07:11.220

Link: CVE-2023-34412

Redhat

No data.

OpenCVE Enrichment

No data.

Metrics

Attack Vector Network

Attack Complexity Low

Privileges Required High

Scope Changed

Confidentiality Impact Low

Integrity Impact Low

Availability Impact None

User Interaction Required

Affected Vendors & Products

Metrics

Attack Vector Network

Attack Complexity Low

Privileges Required High

Scope Changed

Confidentiality Impact Low

Integrity Impact Low

Availability Impact None

User Interaction Required

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object

JSON object