HIGH🇬🇧 English

CVE-2025-41675

CVSS 7.2v3.1pub. 2025-07-21upd. 2025-11-06

A high privileged remote attacker can execute arbitrary system commands via GET requests in the cloud server communication script due to improper neutralization of special elements used in an OS command.

oryginał EN
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
  • Mbconnectline Mbnet.mini

    HW
    Mbconnectline
    wszystkie wersje
  • Mbconnectline Mbnet.mini Firmware

    OS
    Mbconnectline
    < 2.3.3
🔵
ZWERYFIKUJ U PRODUCENTA
Brak jednoznacznych danych o patchu. Sprawdź referencje od producenta.
Tagi
Command Injection
CWE
Referencje

Powiązane podatności

CVE-2024-45275CRITICAL9.8PL ✓ten sam produkt

Zakodowane na stałe dane logowe w urządzeniach Mbconnectline i Helmholz

CVE-2024-45274CRITICAL9.8PL ✓ten sam produkt

Zdalne wykonanie poleceń OS bez uwierzytelnienia via UDP w urządzeniach Mbconnectline i Helmholz

CVE-2025-41674HIGH7.2ten sam produkt

A high privileged remote attacker can execute arbitrary system commands via POST requests in the diagnostic ac...

CVE-2025-41673HIGH7.2ten sam produkt

A high privileged remote attacker can execute arbitrary system commands via POST requests in the send_sms acti...

CVE-2024-45276HIGH7.5ten sam produkt

An unauthenticated remote attacker can get read access to files in the "/tmp" directory due to missing authent...