A high privileged remote attacker can execute arbitrary system commands via POST requests in the diagnostic action due to improper neutralization of special elements used in an OS command.
oryginał ENCVSS Vector
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:HMbconnectline Mbnet.mini
HWMbconnectlinewszystkie wersjeMbconnectline Mbnet.mini Firmware
OSMbconnectline< 2.3.3
🔵
ZWERYFIKUJ U PRODUCENTA
Brak jednoznacznych danych o patchu. Sprawdź referencje od producenta.
Tagi
Command Injection
CWE
Powiązane podatności
CVE-2024-45275CRITICAL9.8PL ✓ten sam produkt
Zakodowane na stałe dane logowe w urządzeniach Mbconnectline i Helmholz
CVE-2024-45274CRITICAL9.8PL ✓ten sam produkt
Zdalne wykonanie poleceń OS bez uwierzytelnienia via UDP w urządzeniach Mbconnectline i Helmholz
CVE-2025-41675HIGH7.2ten sam produkt
A high privileged remote attacker can execute arbitrary system commands via GET requests in the cloud server c...
CVE-2025-41673HIGH7.2ten sam produkt
A high privileged remote attacker can execute arbitrary system commands via POST requests in the send_sms acti...
CVE-2024-45276HIGH7.5ten sam produkt
An unauthenticated remote attacker can get read access to files in the "/tmp" directory due to missing authent...