A high privileged remote attacker can execute arbitrary system commands via GET requests in the cloud server communication script due to improper neutralization of special elements used in an OS command.
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:HMbconnectline Mbnet.mini
HWMbconnectlinewszystkie wersjeMbconnectline Mbnet.mini Firmware
OSMbconnectline< 2.3.3
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
Tags
Command Injection
CWE
Related vulnerabilities
CVE-2024-45275CRITICAL9.8PL ✓ten sam produkt
Zakodowane na stałe dane logowe w urządzeniach Mbconnectline i Helmholz
CVE-2024-45274CRITICAL9.8PL ✓ten sam produkt
Zdalne wykonanie poleceń OS bez uwierzytelnienia via UDP w urządzeniach Mbconnectline i Helmholz
CVE-2025-41674HIGH7.2ten sam produkt
A high privileged remote attacker can execute arbitrary system commands via POST requests in the diagnostic ac...
CVE-2025-41673HIGH7.2ten sam produkt
A high privileged remote attacker can execute arbitrary system commands via POST requests in the send_sms acti...
CVE-2024-45276HIGH7.5ten sam produkt
An unauthenticated remote attacker can get read access to files in the "/tmp" directory due to missing authent...