Update

Critical security vulnerability closed in this firmware version

Summary
There exists a vulnerability in all REX 100 devices with firmware
Update: 03.07.2024 3:30pm

In the section "Reported by", Sebastian Dietz (CyberDanube) was added.

CVE ID: CVE-2024-5672
Last Update: 7. June 2024 10:42
Severity: 7.2 (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H)
Weakness: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') (CWE-78)
Summary
A high privileged remote attacker can execute arbitrary system commands via GET requests due to improper neutralization of special elements used in an OS command.

Impact: See CVE description.

Solution
Mitigation: As this is an authenticated exploit, you can mitigate it by making sure that no malicious actor can log in to a vulnerable device.

Remediation: Update to the latest version: 2.2.13

Version: 2.2.13