CVE-2025-41679

An unauthenticated remote attacker could exploit a buffer overflow vulnerability in the device causing a denial of service that affects only the network initializing wizard (Conftool) service.

CVSS v3 5.3 MEDIUM

5.3^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 3.9 / Impact : 1.4

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact LOW

Scope UNCHANGED

References

Link	Resource
https://certvde.com/de/advisories/VDE-2025-058	Vendor Advisory
http://seclists.org/fulldisclosure/2025/Jul/38	Mailing List

Configurations

Configuration 1 (hide)

AND

cpe:2.3:o:mbconnectline:mbnet.mini_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:mbconnectline:mbnet.mini:-:*:*:*:*:*:*:*

History

06 Nov 2025, 16:44

Type	Values Removed	Values Added
References	~~() https://certvde.com/de/advisories/VDE-2025-058 -~~	() https://certvde.com/de/advisories/VDE-2025-058 - Vendor Advisory
References	~~() http://seclists.org/fulldisclosure/2025/Jul/38 -~~	() http://seclists.org/fulldisclosure/2025/Jul/38 - Mailing List
First Time		Mbconnectline mbnet.mini Mbconnectline mbnet.mini Firmware Mbconnectline
CPE		cpe:2.3:h:mbconnectline:mbnet.mini:-:::::::* cpe:2.3:o:mbconnectline:mbnet.mini_firmware::::::::

03 Nov 2025, 20:18

Type	Values Removed	Values Added
References		() http://seclists.org/fulldisclosure/2025/Jul/38 -
Summary		(es) Un atacante remoto no autenticado podría explotar una vulnerabilidad de desbordamiento de búfer en el dispositivo, provocando una denegación de servicio que afecte únicamente al servicio del asistente de inicialización de red (Conftool).

21 Jul 2025, 10:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2025-07-21 10:15

Updated : 2025-11-06 16:44

NVD link : CVE-2025-41679

Mitre link : CVE-2025-41679

CVE.ORG link : CVE-2025-41679

JSON object : View

Products Affected

mbconnectline

mbnet.mini
mbnet.mini_firmware

CWE

CWE-787

Out-of-bounds Write

{"id": "CVE-2025-41679", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "info@cert.vde.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "LOW", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 1.4, "exploitabilityScore": 3.9}, {"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 3.9}]}, "published": "2025-07-21T10:15:25.133", "references": [{"url": "https://certvde.com/de/advisories/VDE-2025-058", "tags": ["Vendor Advisory"], "source": "info@cert.vde.com"}, {"url": "http://seclists.org/fulldisclosure/2025/Jul/38", "tags": ["Mailing List"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Secondary", "source": "info@cert.vde.com", "description": [{"lang": "en", "value": "CWE-787"}]}], "descriptions": [{"lang": "en", "value": "An unauthenticated remote attacker could exploit a buffer overflow vulnerability in the device causing a denial of service that affects only the network initializing wizard (Conftool) service."}, {"lang": "es", "value": "Un atacante remoto no autenticado podr\u00eda explotar una vulnerabilidad de desbordamiento de b\u00fafer en el dispositivo, provocando una denegaci\u00f3n de servicio que afecte \u00fanicamente al servicio del asistente de inicializaci\u00f3n de red (Conftool)."}], "lastModified": "2025-11-06T16:44:44.590", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:mbconnectline:mbnet.mini_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "73596D99-CA79-4FF6-AEF1-62C751C7FD23", "versionEndExcluding": "2.3.3"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:mbconnectline:mbnet.mini:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "A1D1B769-DA91-4F0C-AD34-D735B7A8B8FF"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "info@cert.vde.com"}