VDE-2025-058
Vulnerability from csaf_mbconnectlinegmbh - Published: 2025-07-21 10:00 - Updated: 2025-07-21 10:00Summary
MB connect line: Multiple vulnerabilities in mbNET.mini
Severity
Critical
Notes
Summary: Multiple vulnerabilities in all mbNET.mini devices with firmware <= 2.3.2 that allow an attacker to gain full control over the device.
Impact: Full control over the device is possible in various ways. For details see CVE description.
Remediation: Update to latest version: 2.3.3
A high privileged remote attacker can execute arbitrary system commands via POST requests in the send_sms action due to improper neutralization of special elements used in an OS command.
7.2 (High)
Mitigation
As this is an authenticated exploit, you can mitigate it by making sure that no malicious actor can login to a vulnerable device.
Vendor Fix
Update to latest version: 2.3.3
A high privileged remote attacker can execute arbitrary system commands via POST requests in the diagnostic action due to improper neutralization of special elements used in an OS command.
7.2 (High)
Mitigation
As this is an authenticated exploit, you can mitigate it by making sure that no malicious actor can login to a vulnerable device.
Vendor Fix
Update to latest version: 2.3.3
A high privileged remote attacker can execute arbitrary system commands via GET requests in the cloud server communication script due to improper neutralization of special elements used in an OS command.
7.2 (High)
Mitigation
As this is an authenticated exploit, you can mitigate it by making sure that no malicious actor can login to a vulnerable device.
Vendor Fix
Update to latest version: 2.3.3
A high privileged remote attacker can exhaust critical system resources by sending specifically crafted POST requests to the send-sms action in fast succession.
4.9 (Medium)
Mitigation
As this is an authenticated exploit, you can mitigate it by making sure that no malicious actor can login to a vulnerable device.
Vendor Fix
Update to latest version: 2.3.3
A high privileged remote attacker can exhaust critical system resources by sending specifically crafted POST requests to the send-mail action in fast succession.
4.9 (Medium)
Mitigation
As this is an authenticated exploit, you can mitigate it by making sure that no malicious actor can login to a vulnerable device.
Vendor Fix
Update to latest version: 2.3.3
A high privileged remote attacker can alter the configuration database via POST requests due to improper neutralization of special elements used in a SQL statement.
6.5 (Medium)
Mitigation
As this is an authenticated exploit, you can mitigate it by making sure that no malicious actor can login to a vulnerable device.
Vendor Fix
Update to latest version: 2.3.3
An unauthenticated remote attacker could exploit a buffer overflow vulnerability in the device causing a denial of service that affects only the network initializing wizard (Conftool) service.
5.3 (Medium)
Vendor Fix
Update to latest version: 2.3.3
Mitigation
Enable "Lock network configuration (Conftool)" in device configuration (enabled by default after device comes online for the first time).
A high privileged remote attacker can gain persistent XSS via POST requests due to improper neutralization of special elements used to create dynamic content.
4.8 (Medium)
Mitigation
As this is an authenticated exploit, you can mitigate it by making sure that no malicious actor can login to a vulnerable device.
Vendor Fix
Update to latest version: 2.3.3
References
Acknowledgments
CERT@VDE
certvde.com
St. Poelten UAS
F. Bruckmoser
M. Eder
J. Heigl
M. Heudorn
G. Hofmarcher
M. Kadlec
M. Pristauz-Telsnigg
S. Resch
P. Schweinzer
M. Gschiel
fhstp.ac.at
{
"document": {
"acknowledgments": [
{
"organization": "CERT@VDE",
"summary": "coordination",
"urls": [
"https://certvde.com"
]
},
{
"names": [
"Sebastian Dietz"
],
"organization": "CyberDanube",
"summary": "coordination",
"urls": [
"https://cyberdanube.com/"
]
},
{
"names": [
"F. Bruckmoser",
"M. Eder",
"J. Heigl",
"M. Heudorn",
"G. Hofmarcher",
"M. Kadlec",
"M. Pristauz-Telsnigg",
"S. Resch",
"P. Schweinzer",
"M. Gschiel"
],
"organization": "St. Poelten UAS",
"summary": "reporting",
"urls": [
"https://fhstp.ac.at"
]
}
],
"aggregate_severity": {
"namespace": "https://www.first.org/cvss/v3.1/specification-document#Qualitative-Severity-Rating-Scale",
"text": "Critical"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en-GB",
"notes": [
{
"category": "summary",
"text": "Multiple vulnerabilities in all mbNET.mini devices with firmware \u003c= 2.3.2 that allow an attacker to gain full control over the device.",
"title": "Summary"
},
{
"category": "description",
"text": "Full control over the device is possible in various ways. For details see CVE description.",
"title": "Impact"
},
{
"category": "description",
"text": "Update to latest version: 2.3.3",
"title": "Remediation"
}
],
"publisher": {
"category": "vendor",
"contact_details": "security-team@mbconnectline.de",
"name": "MB connect line GmbH",
"namespace": "https://mbconnectline.com"
},
"references": [
{
"category": "external",
"summary": "CERT@VDE Security Advisories for MB connect line GmbH",
"url": "https://certvde.com/en/advisories/vendor/mbconnectline/"
},
{
"category": "self",
"summary": "VDE-2025-058: MB connect line: Multiple vulnerabilities in mbNET.mini - HTML",
"url": "https://certvde.com/en/advisories/VDE-2025-058/"
},
{
"category": "self",
"summary": "VDE-2025-058: MB connect line: Multiple vulnerabilities in mbNET.mini - CSAF",
"url": "https://mbconnectline.csaf-tp.certvde.com/.well-known/csaf/white/2025/vde-2025-058.json"
},
{
"category": "external",
"summary": "MB connect line PSIRT",
"url": "https://mbconnectline.com/security/"
}
],
"title": "MB connect line: Multiple vulnerabilities in mbNET.mini",
"tracking": {
"aliases": [
"VDE-2025-058"
],
"current_release_date": "2025-07-21T10:00:00.000Z",
"generator": {
"date": "2025-07-15T14:45:24.023Z",
"engine": {
"name": "Secvisogram",
"version": "2.5.29"
}
},
"id": "VDE-2025-058",
"initial_release_date": "2025-07-21T10:00:00.000Z",
"revision_history": [
{
"date": "2025-07-21T10:00:00.000Z",
"number": "1",
"summary": "Initial revision."
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "mbNET.mini",
"product": {
"name": "mbNET.mini",
"product_id": "CSAFPID-11001"
}
}
],
"category": "product_family",
"name": "Hardware"
},
{
"branches": [
{
"category": "product_version",
"name": "2.3.3",
"product": {
"name": "Firmware 2.3.3",
"product_id": "CSAFPID-22001"
}
},
{
"category": "product_version_range",
"name": "\u003c2.3.3",
"product": {
"name": "Firmware \u003c2.3.3",
"product_id": "CSAFPID-21001"
}
}
],
"category": "product_family",
"name": "Firmware"
}
],
"category": "vendor",
"name": "MB connect line"
}
],
"relationships": [
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware \u003c2.3.3 installed on mbNET.mini",
"product_id": "CSAFPID-31001"
},
"product_reference": "CSAFPID-11001",
"relates_to_product_reference": "CSAFPID-21001"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware 2.3.3 installed on mbNET.mini",
"product_id": "CSAFPID-31002"
},
"product_reference": "CSAFPID-11001",
"relates_to_product_reference": "CSAFPID-22001"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-41673",
"cwe": {
"id": "CWE-78",
"name": "Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)"
},
"notes": [
{
"category": "description",
"text": "A high privileged remote attacker can execute arbitrary system commands via POST requests in the send_sms action due to improper neutralization of special elements used in an OS command.",
"title": "Vulnerability Description"
}
],
"product_status": {
"fixed": [
"CSAFPID-31002"
],
"known_affected": [
"CSAFPID-31001"
]
},
"remediations": [
{
"category": "mitigation",
"details": "As this is an authenticated exploit, you can mitigate it by making sure that no malicious actor can login to a vulnerable device.",
"product_ids": [
"CSAFPID-31001"
]
},
{
"category": "vendor_fix",
"details": "Update to latest version: 2.3.3",
"product_ids": [
"CSAFPID-31001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"environmentalScore": 7.2,
"environmentalSeverity": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"temporalScore": 7.2,
"temporalSeverity": "HIGH",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-31001"
]
}
],
"title": "CVE-2025-41673"
},
{
"cve": "CVE-2025-41674",
"cwe": {
"id": "CWE-78",
"name": "Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)"
},
"notes": [
{
"category": "description",
"text": "A high privileged remote attacker can execute arbitrary system commands via POST requests in the diagnostic action due to improper neutralization of special elements used in an OS command.",
"title": "Vulnerability Description"
}
],
"product_status": {
"fixed": [
"CSAFPID-31002"
],
"known_affected": [
"CSAFPID-31001"
]
},
"remediations": [
{
"category": "mitigation",
"details": "As this is an authenticated exploit, you can mitigate it by making sure that no malicious actor can login to a vulnerable device.",
"product_ids": [
"CSAFPID-31001"
]
},
{
"category": "vendor_fix",
"details": "Update to latest version: 2.3.3",
"product_ids": [
"CSAFPID-31001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"environmentalScore": 7.2,
"environmentalSeverity": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"temporalScore": 7.2,
"temporalSeverity": "HIGH",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-31001"
]
}
],
"title": "CVE-2025-41674"
},
{
"cve": "CVE-2025-41675",
"cwe": {
"id": "CWE-78",
"name": "Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)"
},
"notes": [
{
"category": "description",
"text": "A high privileged remote attacker can execute arbitrary system commands via GET requests in the cloud server communication script due to improper neutralization of special elements used in an OS command.",
"title": "Vulnerability Description"
}
],
"product_status": {
"fixed": [
"CSAFPID-31002"
],
"known_affected": [
"CSAFPID-31001"
]
},
"remediations": [
{
"category": "mitigation",
"details": "As this is an authenticated exploit, you can mitigate it by making sure that no malicious actor can login to a vulnerable device.",
"product_ids": [
"CSAFPID-31001"
]
},
{
"category": "vendor_fix",
"details": "Update to latest version: 2.3.3",
"product_ids": [
"CSAFPID-31001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"environmentalScore": 7.2,
"environmentalSeverity": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"temporalScore": 7.2,
"temporalSeverity": "HIGH",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-31001"
]
}
],
"title": "CVE-2025-41675"
},
{
"cve": "CVE-2025-41676",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"notes": [
{
"category": "description",
"text": "A high privileged remote attacker can exhaust critical system resources by sending specifically crafted POST requests to the send-sms action in fast succession.",
"title": "Vulnerability Description"
}
],
"product_status": {
"fixed": [
"CSAFPID-31002"
],
"known_affected": [
"CSAFPID-31001"
]
},
"remediations": [
{
"category": "mitigation",
"details": "As this is an authenticated exploit, you can mitigate it by making sure that no malicious actor can login to a vulnerable device.",
"product_ids": [
"CSAFPID-31001"
]
},
{
"category": "vendor_fix",
"details": "Update to latest version: 2.3.3",
"product_ids": [
"CSAFPID-31001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 4.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"environmentalScore": 4.9,
"environmentalSeverity": "MEDIUM",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"temporalScore": 4.9,
"temporalSeverity": "MEDIUM",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-31001"
]
}
],
"title": "CVE-2025-41676"
},
{
"cve": "CVE-2025-41677",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"notes": [
{
"category": "description",
"text": "A high privileged remote attacker can exhaust critical system resources by sending specifically crafted POST requests to the send-mail action in fast succession.",
"title": "Vulnerability Description"
}
],
"product_status": {
"fixed": [
"CSAFPID-31002"
],
"known_affected": [
"CSAFPID-31001"
]
},
"remediations": [
{
"category": "mitigation",
"details": "As this is an authenticated exploit, you can mitigate it by making sure that no malicious actor can login to a vulnerable device.",
"product_ids": [
"CSAFPID-31001"
]
},
{
"category": "vendor_fix",
"details": "Update to latest version: 2.3.3",
"product_ids": [
"CSAFPID-31001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 4.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"environmentalScore": 4.9,
"environmentalSeverity": "MEDIUM",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"temporalScore": 4.9,
"temporalSeverity": "MEDIUM",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-31001"
]
}
],
"title": "CVE-2025-41677"
},
{
"cve": "CVE-2025-41678",
"cwe": {
"id": "CWE-89",
"name": "Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027)"
},
"notes": [
{
"category": "description",
"text": "A high privileged remote attacker can alter the configuration database via POST requests due to improper neutralization of special elements used in a SQL statement.",
"title": "Vulnerability Description"
}
],
"product_status": {
"fixed": [
"CSAFPID-31002"
],
"known_affected": [
"CSAFPID-31001"
]
},
"remediations": [
{
"category": "mitigation",
"details": "As this is an authenticated exploit, you can mitigate it by making sure that no malicious actor can login to a vulnerable device.",
"product_ids": [
"CSAFPID-31001"
]
},
{
"category": "vendor_fix",
"details": "Update to latest version: 2.3.3",
"product_ids": [
"CSAFPID-31001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"environmentalScore": 6.5,
"environmentalSeverity": "MEDIUM",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"temporalScore": 6.5,
"temporalSeverity": "MEDIUM",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-31001"
]
}
],
"title": "CVE-2025-41678"
},
{
"cve": "CVE-2025-41679",
"cwe": {
"id": "CWE-787",
"name": "Out-of-bounds Write"
},
"notes": [
{
"category": "description",
"text": "An unauthenticated remote attacker could exploit a buffer overflow vulnerability in the device causing a denial of service that affects only the network initializing wizard (Conftool) service.",
"title": "Vulnerability Description"
}
],
"product_status": {
"fixed": [
"CSAFPID-31002"
],
"known_affected": [
"CSAFPID-31001"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to latest version: 2.3.3",
"product_ids": [
"CSAFPID-31001"
]
},
{
"category": "mitigation",
"details": "Enable \"Lock network configuration (Conftool)\" in device configuration (enabled by default after device comes online for the first time).",
"product_ids": [
"CSAFPID-31001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"environmentalScore": 5.3,
"environmentalSeverity": "MEDIUM",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 5.3,
"temporalSeverity": "MEDIUM",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"CSAFPID-31001"
]
}
],
"title": "CVE-2025-41679"
},
{
"cve": "CVE-2025-41681",
"cwe": {
"id": "CWE-79",
"name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
},
"notes": [
{
"category": "description",
"text": "A high privileged remote attacker can gain persistent XSS via POST requests due to improper neutralization of special elements used to create dynamic content.",
"title": "Vulnerability Description"
}
],
"product_status": {
"fixed": [
"CSAFPID-31002"
],
"known_affected": [
"CSAFPID-31001"
]
},
"remediations": [
{
"category": "mitigation",
"details": "As this is an authenticated exploit, you can mitigate it by making sure that no malicious actor can login to a vulnerable device.",
"product_ids": [
"CSAFPID-31001"
]
},
{
"category": "vendor_fix",
"details": "Update to latest version: 2.3.3",
"product_ids": [
"CSAFPID-31001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"environmentalScore": 4.8,
"environmentalSeverity": "MEDIUM",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"temporalScore": 4.8,
"temporalSeverity": "MEDIUM",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-31001"
]
}
],
"title": "CVE-2025-41681"
}
]
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…