HIGH🇵🇱 Wersja polska

CVE-2025-41674

CVSS 7.2v3.1pub. 2025-07-21upd. 2025-11-06

A high privileged remote attacker can execute arbitrary system commands via POST requests in the diagnostic action due to improper neutralization of special elements used in an OS command.

CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
  • Mbconnectline Mbnet.mini

    HW
    Mbconnectline
    wszystkie wersje
  • Mbconnectline Mbnet.mini Firmware

    OS
    Mbconnectline
    < 2.3.3
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
Tags
Command Injection
CWE
References

Related vulnerabilities

CVE-2024-45275CRITICAL9.8PL ✓ten sam produkt

Zakodowane na stałe dane logowe w urządzeniach Mbconnectline i Helmholz

CVE-2024-45274CRITICAL9.8PL ✓ten sam produkt

Zdalne wykonanie poleceń OS bez uwierzytelnienia via UDP w urządzeniach Mbconnectline i Helmholz

CVE-2025-41675HIGH7.2ten sam produkt

A high privileged remote attacker can execute arbitrary system commands via GET requests in the cloud server c...

CVE-2025-41673HIGH7.2ten sam produkt

A high privileged remote attacker can execute arbitrary system commands via POST requests in the send_sms acti...

CVE-2024-45276HIGH7.5ten sam produkt

An unauthenticated remote attacker can get read access to files in the "/tmp" directory due to missing authent...

CVE-2025-41674 — Mbconnectline — Mbnet.Mini — HIGH — CVSS 7.2 | CVEbaza.pl