ByteOS Network

myREX24V2.virtual

Source -

CNA

CNA CVEs -

ADP CVEs -

CISA CVEs -

NVD CVEs -

2Vulnerabilities found

CVE-2026-32969

Assigner-CERT@VDE

View Details

Assigner-CERT@VDE

CVSS Score-7.5||HIGH

EPSS-0.19% / 40.39%

7 Day CHG+0.02%

Published-23 Mar, 2026 | 11:16

Updated-23 Mar, 2026 | 16:01

Pre-Auth Blind SQLi in userinfo Endpoint

An unauthenticated remote attacker can exploit a Pre-Auth blind SQL Injection vulnerability in the userinfo endpoint’s authentication method due to improper neutralization of special elements in a SQL SELECT command. This can result in a total loss of confidentiality.

Vendor-Helmholz MB connect line

Product-mymbCONNECT24 MB connect line mbCONNECT24 myREX24V2.virtual myREX24V2

CWE ID-CWE-89

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

CVE-2026-32968

Assigner-CERT@VDE

View Details

Assigner-CERT@VDE

CVSS Score-9.8||CRITICAL

EPSS-0.16% / 36.60%

7 Day CHG+0.01%

Published-23 Mar, 2026 | 11:16

Updated-23 Mar, 2026 | 14:31

Unauthenticated RCE in com_mb24sysapi

Due to the improper neutralisation of special elements used in an OS command, an unauthenticated remote attacker can exploit an RCE vulnerability in the com_mb24sysapi module, resulting in full system compromise. This vulnerability is a variant attack for CVE-2020-10383.

Vendor-Helmholz MB connect line

Product-mymbCONNECT24 MB connect line mbCONNECT24 myREX24V2.virtual myREX24V2

CWE ID-CWE-78

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')