Total
13 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-41673 | 1 Mbconnectline | 2 Mbnet.mini, Mbnet.mini Firmware | 2025-11-06 | N/A | 7.2 HIGH |
| A high privileged remote attacker can execute arbitrary system commands via POST requests in the send_sms action due to improper neutralization of special elements used in an OS command. | |||||
| CVE-2025-41674 | 1 Mbconnectline | 2 Mbnet.mini, Mbnet.mini Firmware | 2025-11-06 | N/A | 7.2 HIGH |
| A high privileged remote attacker can execute arbitrary system commands via POST requests in the diagnostic action due to improper neutralization of special elements used in an OS command. | |||||
| CVE-2025-41675 | 1 Mbconnectline | 2 Mbnet.mini, Mbnet.mini Firmware | 2025-11-06 | N/A | 7.2 HIGH |
| A high privileged remote attacker can execute arbitrary system commands via GET requests in the cloud server communication script due to improper neutralization of special elements used in an OS command. | |||||
| CVE-2025-41676 | 1 Mbconnectline | 2 Mbnet.mini, Mbnet.mini Firmware | 2025-11-06 | N/A | 4.9 MEDIUM |
| A high privileged remote attacker can exhaust critical system resources by sending specifically crafted POST requests to the send-sms action in fast succession. | |||||
| CVE-2025-41677 | 1 Mbconnectline | 2 Mbnet.mini, Mbnet.mini Firmware | 2025-11-06 | N/A | 4.9 MEDIUM |
| A high privileged remote attacker can exhaust critical system resources by sending specifically crafted POST requests to the send-mail action in fast succession. | |||||
| CVE-2025-41678 | 1 Mbconnectline | 2 Mbnet.mini, Mbnet.mini Firmware | 2025-11-06 | N/A | 6.5 MEDIUM |
| A high privileged remote attacker can alter the configuration database via POST requests due to improper neutralization of special elements used in a SQL statement. | |||||
| CVE-2025-41679 | 1 Mbconnectline | 2 Mbnet.mini, Mbnet.mini Firmware | 2025-11-06 | N/A | 5.3 MEDIUM |
| An unauthenticated remote attacker could exploit a buffer overflow vulnerability in the device causing a denial of service that affects only the network initializing wizard (Conftool) service. | |||||
| CVE-2025-41681 | 1 Mbconnectline | 2 Mbnet.mini, Mbnet.mini Firmware | 2025-11-06 | N/A | 4.8 MEDIUM |
| A high privileged remote attacker can gain persistent XSS via POST requests due to improper neutralization of special elements used to create dynamic content. | |||||
| CVE-2024-45274 | 2 Helmholz, Mbconnectline | 4 Rex 100, Rex 100 Firmware, Mbnet.mini and 1 more | 2025-11-03 | N/A | 9.8 CRITICAL |
| An unauthenticated remote attacker can execute OS commands via UDP on the device due to missing authentication. | |||||
| CVE-2024-45271 | 2 Helmholz, Mbconnectline | 4 Rex 100, Rex 100 Firmware, Mbnet.mini and 1 more | 2025-08-26 | N/A | 8.4 HIGH |
| An unauthenticated local attacker can gain admin privileges by deploying a config file due to improper input validation. | |||||
| CVE-2024-45276 | 2 Helmholz, Mbconnectline | 4 Rex 100, Rex 100 Firmware, Mbnet.mini and 1 more | 2025-01-24 | N/A | 7.5 HIGH |
| An unauthenticated remote attacker can get read access to files in the "/tmp" directory due to missing authentication. | |||||
| CVE-2024-45275 | 2 Helmholz, Mbconnectline | 4 Rex 100, Rex 100 Firmware, Mbnet.mini and 1 more | 2024-11-21 | N/A | 9.8 CRITICAL |
| The devices contain two hard coded user accounts with hardcoded passwords that allow an unauthenticated remote attacker for full control of the affected devices. | |||||
| CVE-2024-45273 | 2 Helmholz, Mbconnectline | 27 Myrex24 V2 Virtual Server, Rex 100, Rex 100 Firmware and 24 more | 2024-11-21 | N/A | 8.4 HIGH |
| An unauthenticated local attacker can decrypt the devices config file and therefore compromise the device due to a weak implementation of the encryption used. | |||||