Incomplete Filter in MB connect line mymbCONNECT24, mbCONNECT24, Helmholz myREX24, and myREX24.virtual Allows Information Disclosure

Incomplete Filter in MB connect line mymbCONNECT24, mbCONNECT24, Helmholz myREX24, and myREX24.virtual Allows Information Disclosure

CVE-2020-35568 · MEDIUM Severity

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

An issue was discovered in MB connect line mymbCONNECT24, mbCONNECT24 and Helmholz myREX24 and myREX24.virtual in all versions through v2.11.2. An incomplete filter applied to a database response allows an authenticated attacker to gain non-public information about other users and devices in the account.

Learn more about our User Device Pen Test.