Main Vulnerability Database Vulnerabilities #VU51205

Use of hard-coded credentials in mymbCONNECT24 and mbCONNECT24 - CVE-2020-35567

Published: March 3, 2021

Vulnerability identifier: #VU51205

CSH Severity: Low

CVSSv4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear

CVE-ID: CVE-2020-35567

CWE-ID: CWE-798

Exploitation vector: Local access

Exploit availability: No public exploit available

Vulnerable software:
mymbCONNECT24
mbCONNECT24

Software vendor:
MB connect line

Description

The vulnerability allows a local user to gain full access to vulnerable system.

The vulnerability exists due to presence of hard-coded credentials in application code. A local user can access the affected system using the hard-coded credentials.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Remediation

Cybersecurity Help is currently unaware of any official solution to address this vulnerability.

External links

https://cert.vde.com/de-de/advisories/vde-2021-003

Use of hard-coded credentials in mymbCONNECT24 and mbCONNECT24 - CVE-2020-35567

Description

Remediation

External links

Please verify you're human