CVE-2023-4834 MEDIUM

CVE-2023-4834

Vendor Red Lion Europe
Product mbCONNECT24
Weakness CWE-269
Published October 16, 2023
Last update September 16, 2024
View on NVD All CVEs

CVSS base score

4.3/10
Attack vector Network
Attack complexity Low
Privileges required Low
User interaction None
Confidentiality Low
Integrity None

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

What the vulnerability does

01Description

In Red Lion Europe mbCONNECT24 and mymbCONNECT24 and Helmholz myREX24 and myREX24.virtual up to and including 2.14.2 an improperly implemented access validation allows an authenticated, low privileged attacker to gain read access to limited, non-critical device information in his account he should not have access to.

Key dates

02Disclosure timeline

October 16, 2023 CVE published
September 16, 2024 Record updated

Related vulnerabilities

04Related CVE

CVE-2020-3393 Cisco IOS XE Software IOx Application Hosting Privilege Escalation Vulnerability CVE-2025-10650 Improper SSH Key Handling in Internal Debug Builds May Grant Cluster-Level Access to Non-Administrative Users CVE-2025-3278 UrbanGo Membership <= 1.0.4 - Unauthenticated Privilege Escalation CVE-2026-3629 Import and export users and customers <= 1.29.7 - Privilege Escalation to Administrator via save_extra_user_profile_fields CVE-2025-12882 Clasifico Listing <= 2.0 - Unauthenticated Privilege Escalation