CVE-2025-41673

High CVSS: 7.2

A high privileged remote attacker can execute arbitrary system commands via POST requests in the send_sms action due to improper neutralization of special elements used in an OS command.

Vendor

Mbconnectline

Product

Mbnet.mini Firmware

CWE

CWE-78

Yayın Tarihi

2025-07-21 10:15:23

Güncelleme

2025-11-06 16:45:33

Source Identifier

info@cert.vde.com

KEV Date Added

Kategoriler

CWE-78 Mbnet.mini Firmware HIGH Mbconnectline 2025

Referanslar

https://certvde.com/de/advisories/VDE-2025-058 http://seclists.org/fulldisclosure/2025/Jul/38

Benzer Kayıtlar

Medium

CVE-2025-41679

An unauthenticated remote attacker could exploit a buffer overflow vulnerability in the device causing a denial of servi…

Medium

CVE-2025-41681

A high privileged remote attacker can gain persistent XSS via POST requests due to improper neutralization of special el…

High

CVE-2025-41674

A high privileged remote attacker can execute arbitrary system commands via POST requests in the diagnostic action due t…

High

CVE-2025-41675

A high privileged remote attacker can execute arbitrary system commands via GET requests in the cloud server communicati…

Medium

CVE-2025-41676

A high privileged remote attacker can exhaust critical system resources by sending specifically crafted POST requests to…

Medium

CVE-2025-41677

A high privileged remote attacker can exhaust critical system resources by sending specifically crafted POST requests to…