Approved changes feed: RSS · Atom
cpe:2.3:a:helmholz:rex100:*:*:*:*:*:*:*:*
part: a version: * update: *
| Vendor | Helmholz (464ff5a7-c87f-5dc1-9bca-f7c898c0bb50) |
|---|---|
| Product | Rex100 (2431b46f-4caf-5acd-b187-61402bdc3a4c) |
| Edition | * |
| Language | * |
| Software edition | * |
| Target software | * |
| Target hardware | * |
| Other | * |
| Notes | Imported from gcve-enriched-dumps CVE data |
PURL mappings
| PURL | Source | Last updated |
|---|---|---|
| No PURL mappings for this CPE yet. | ||
Vulnerability references
| Identifier | cpeApplicability | Submitted | db.gcve.eu details | Rationale |
|---|---|---|---|---|
CVE:CVE-2026-40852 |
vulnerable | 2026-06-08 08:01:21.050080 |
Command injection via malicious configuration
HIGH (7.2)
A highly authenticated attacker can alter the config generator injecting a payload into future created configurations. The device is not correctly checking this configuration value before passing it to an system execute leading to code execution. This can result in a total loss of confidentiality, integrity and availability.
Published: 2026-05-27T08:06:36.875Z
Updated: 2026-05-27T11:54:17.274Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2026-40851 |
vulnerable | 2026-06-08 08:01:21.045802 |
Command injection via USB
HIGH (8.4)
A local attacker can perform a confusion attack on the cfgparser via a specially crafted file on an USB stick leading to code execution. This can result in a total loss of confidentiality, integrity and availability.
Published: 2026-05-27T08:06:21.815Z
Updated: 2026-05-27T11:54:33.819Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-45276 |
vulnerable | 2026-06-08 06:45:55.799863 |
MB connect line/Helmholz: tmp directory exposed via webservice
HIGH (7.5)
An unauthenticated remote attacker can get read access to files in the "/tmp" directory due to missing authentication.
Published: 2024-10-15T10:28:58.559Z
Updated: 2025-01-24T06:32:08.237Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-45275 |
vulnerable | 2026-06-08 06:45:55.798962 |
MB connect line/Helmholz: Hardcoded user accounts with hard-coded passwords
CRITICAL (9.8)
The devices contain two hard coded user accounts with hardcoded passwords that allow an unauthenticated remote attacker for full control of the affected devices.
Published: 2024-10-15T10:28:37.223Z
Updated: 2024-10-16T17:39:58.106Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-45274 |
vulnerable | 2026-06-08 06:45:55.798191 |
MB connect line/Helmholz: Remote code execution via confnet service
CRITICAL (9.8)
An unauthenticated remote attacker can execute OS commands via UDP on the device due to missing authentication.
Published: 2024-10-15T10:28:16.384Z
Updated: 2025-11-03T19:30:51.547Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-45273 |
vulnerable | 2026-06-08 06:45:55.787583 |
MB connect line/Helmholz: Weak encryption of configuration file
HIGH (8.4)
An unauthenticated local attacker can decrypt the devices config file and therefore compromise the device due to a weak implementation of the encryption used.
Published: 2024-10-15T10:27:52.208Z
Updated: 2024-10-16T17:47:04.737Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-45271 |
vulnerable | 2026-06-08 06:45:55.756017 |
MB connect line/Helmholz: Remote code execution due to improper input validation
HIGH (8.4)
An unauthenticated local attacker can gain admin privileges by deploying a config file due to improper input validation.
Published: 2024-10-15T10:27:06.004Z
Updated: 2025-08-26T14:14:12.044Z |
Imported from gcve-enriched-dumps CVE data |
Contribute
You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.