PT-2021-11791 · Unknown · Mb Connect Line Mymbconnect24+1

Published

2021-02-16

Updated

2021-02-19

CVE-2020-35559

CVSS v3.1

4.3

Medium

Vector

AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L

Name of the Vulnerable Software and Affected Versions: MB CONNECT LINE mymbCONNECT24 and mbCONNECT24 versions 2.6.2 and earlier

Description: An issue allows an authenticated attacker to use up all available IPs of an account, preventing the creation of new devices and users. This is due to an unused function.

Recommendations: For MB CONNECT LINE mymbCONNECT24 and mbCONNECT24 versions 2.6.2 and earlier, consider disabling the unused function to prevent exploitation until a patch is available.

Fix

Resource Exhaustion

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-400

Related Identifiers

CVE-2020-35559

Affected Products

Mb Connect Line Mymbconnect24

Mbconnect24

PT-2021-11791 · Unknown · Mb Connect Line Mymbconnect24+1

CVE-2020-35559

Weakness Enumeration

Related Identifiers

Affected Products

References · 5