PT-2021-2244 · Mb Connect Line+1 · Mbconnect24+2

Published 2021-03-02 · Updated 2023-02-10

CVE-2020-12527

CVSS v2.0 7.5 High

Vector AV:N/AC:L/Au:S/C:P/I:N/A:C

Name of the Vulnerable Software and Affected Versions

MB connect line mymbCONNECT24 versions through v2.11.2
mbCONNECT24 versions through v2.11.2
Helmholz myREX24 versions through v2.11.2
Helmholz myREX24.virtual versions through v2.11.2

Description

The issue is related to improper access validation, allowing a logged-in user to interact with devices in their account without having the corresponding permissions. This can lead to unauthorized shutdown or reboot of devices. The vulnerability may also allow a remote attacker to disclose protected information or cause a denial of service.

Recommendations

For MB connect line mymbCONNECT24 versions through v2.11.2, update to a version later than v2.11.2 to resolve the issue.
For mbCONNECT24 versions through v2.11.2, update to a version later than v2.11.2 to resolve the issue.
For Helmholz myREX24 versions through v2.11.2, update to a version later than v2.11.2 to resolve the issue.
For Helmholz myREX24.virtual versions through v2.11.2, update to a version later than v2.11.2 to resolve the issue.
As a temporary workaround, consider restricting access to devices in the account to minimize the risk of exploitation.

Fix

Improper Privilege Management

Weakness Enumeration

Related Identifiers

BDU:2021-01215
CVE-2020-12527

Affected Products

Mbconnect24
Myrex24
Myrex24.Virtual