CVE-2025-41674

High CVSS: 7.2

A high privileged remote attacker can execute arbitrary system commands via POST requests in the diagnostic action due to improper neutralization of special elements used in an OS command.

Vendor

Mbconnectline

Product

Mbnet.mini Firmware

CWE

CWE-78

Yayın Tarihi

2025-07-21 10:15:24

Güncelleme

2025-11-06 16:45:25

Source Identifier

info@cert.vde.com

KEV Date Added

Kategoriler

CWE-78 Mbnet.mini Firmware HIGH Mbconnectline 2025

Referanslar

https://certvde.com/de/advisories/VDE-2025-058 http://seclists.org/fulldisclosure/2025/Jul/38

Benzer Kayıtlar

Medium

CVE-2025-41679

An unauthenticated remote attacker could exploit a buffer overflow vulnerability in the device causing a denial of servi…

Medium

CVE-2025-41681

A high privileged remote attacker can gain persistent XSS via POST requests due to improper neutralization of special el…

High

CVE-2025-41675

A high privileged remote attacker can execute arbitrary system commands via GET requests in the cloud server communicati…

Medium

CVE-2025-41676

A high privileged remote attacker can exhaust critical system resources by sending specifically crafted POST requests to…

Medium

CVE-2025-41677

A high privileged remote attacker can exhaust critical system resources by sending specifically crafted POST requests to…

Medium

CVE-2025-41678

A high privileged remote attacker can alter the configuration database via POST requests due to improper neutralization…