CVE-2023-34412
Summary
| CVE | CVE-2023-34412 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2023-08-17 14:15:00 UTC |
| Updated | 2023-08-23 21:04:00 UTC |
| Description | A vulnerability in Red Lion Europe mbNET/mbNET.rokey and Helmholz REX 200 and REX 250 devices with firmware versions lower than 7.3.2 allows an authenticated remote attacker to store an arbitrary JavaScript payload on the diagnosis page of the device. That page is loaded immediately after logging in to the device and runs the stored payload, allowing the attacker to read and write browser data and reduce system performance. |
Risk And Classification
Problem Types: CWE-79
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Hardware | Helmholz | Rex 200 | - | All | All | All |
| Operating System | Helmholz | Rex 200 Firmware | All | All | All | All |
| Hardware | Helmholz | Rex 250 | - | All | All | All |
| Operating System | Helmholz | Rex 250 Firmware | All | All | All | All |
| Hardware | Redlion | Mbnet.rokey Rkh 210 | - | All | All | All |
| Operating System | Redlion | Mbnet.rokey Rkh 210 Firmware | All | All | All | All |
| Hardware | Redlion | Mbnet.rokey Rkh 216 | - | All | All | All |
| Operating System | Redlion | Mbnet.rokey Rkh 216 Firmware | All | All | All | All |
| Hardware | Redlion | Mbnet.rokey Rkh 235 | - | All | All | All |
| Operating System | Redlion | Mbnet.rokey Rkh 235 Firmware | All | All | All | All |
| Hardware | Redlion | Mbnet.rokey Rkh 259 | - | All | All | All |
| Operating System | Redlion | Mbnet.rokey Rkh 259 Firmware | All | All | All | All |
| Hardware | Redlion | Mbnet Mdh 811 | - | All | All | All |
| Operating System | Redlion | Mbnet Mdh 811 Firmware | All | All | All | All |
| Hardware | Redlion | Mbnet Mdh 816 | - | All | All | All |
| Operating System | Redlion | Mbnet Mdh 816 Firmware | All | All | All | All |
| Hardware | Redlion | Mbnet Mdh 831 | - | All | All | All |
| Operating System | Redlion | Mbnet Mdh 831 Firmware | All | All | All | All |
| Hardware | Redlion | Mbnet Mdh 835 | - | All | All | All |
| Operating System | Redlion | Mbnet Mdh 835 Firmware | All | All | All | All |
| Hardware | Redlion | Mbnet Mdh 841 | - | All | All | All |
| Operating System | Redlion | Mbnet Mdh 841 Firmware | All | All | All | All |
| Hardware | Redlion | Mbnet Mdh 850 | - | All | All | All |
| Operating System | Redlion | Mbnet Mdh 850 Firmware | All | All | All | All |
| Hardware | Redlion | Mbnet Mdh 855 | - | All | All | All |
| Operating System | Redlion | Mbnet Mdh 855 Firmware | All | All | All | All |
| Hardware | Redlion | Mbnet Mdh 858 | - | All | All | All |
| Operating System | Redlion | Mbnet Mdh 858 Firmware | All | All | All | All |
| Hardware | Redlion | Mbnet Mdh 859 | - | All | All | All |
| Operating System | Redlion | Mbnet Mdh 859 Firmware | All | All | All | All |
| Hardware | Redlion | Mbnet Mdh 871 | - | All | All | All |
| Operating System | Redlion | Mbnet Mdh 871 Firmware | All | All | All | All |
| Hardware | Redlion | Mbnet Mdh 876 | - | All | All | All |
| Operating System | Redlion | Mbnet Mdh 876 Firmware | All | All | All | All |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| VDE-2023-012 | CERT@VDE \| MISC | cert.vde.com | |
| VDE-2023-029 | CERT@VDE \| MISC | cert.vde.com | |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
There are currently no legacy QID mappings associated with this CVE.