Mbnet.Mini
Approved changes feed: RSS · Atom
cpe:2.3:a:mb_connect_line:mbnet.mini:*:*:*:*:*:*:*:*
part: a version: * update: *
| Vendor | Mb Connect Line (40f64ffd-1097-56cb-a890-2fe37828274d) |
|---|---|
| Product | Mbnet.Mini (4a285a3c-2363-5a2b-a56f-17534ebd953f) |
| Edition | * |
| Language | * |
| Software edition | * |
| Target software | * |
| Target hardware | * |
| Other | * |
| Notes | Imported from gcve-enriched-dumps CVE data |
PURL mappings
| PURL | Source | Last updated |
|---|---|---|
| No PURL mappings for this CPE yet. | ||
Vulnerability references
| Identifier | cpeApplicability | Submitted | db.gcve.eu details | Rationale |
|---|---|---|---|---|
CVE:CVE-2026-40852 |
vulnerable | 2026-06-08 08:01:21.050024 |
Command injection via malicious configuration
HIGH (7.2)
A highly authenticated attacker can alter the config generator injecting a payload into future created configurations. The device is not correctly checking this configuration value before passing it to an system execute leading to code execution. This can result in a total loss of confidentiality, integrity and availability.
Published: 2026-05-27T08:06:36.875Z
Updated: 2026-05-27T11:54:17.274Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2026-40851 |
vulnerable | 2026-06-08 08:01:21.044244 |
Command injection via USB
HIGH (8.4)
A local attacker can perform a confusion attack on the cfgparser via a specially crafted file on an USB stick leading to code execution. This can result in a total loss of confidentiality, integrity and availability.
Published: 2026-05-27T08:06:21.815Z
Updated: 2026-05-27T11:54:33.819Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2025-41681 |
vulnerable | 2026-06-08 07:25:07.201829 |
Persistent Cross-Site Scripting via POST Requests Due to Improper Neutralization of Input
MEDIUM (4.8)
A high privileged remote attacker can gain persistent XSS via POST requests due to improper neutralization of special elements used to create dynamic content.
Published: 2025-07-21T09:31:25.796Z
Updated: 2025-11-03T19:59:07.270Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2025-41679 |
vulnerable | 2026-06-08 07:25:07.201367 |
Unauthenticated Buffer Overflow in Conftool Service Leading to Denial of Service
MEDIUM (5.3)
An unauthenticated remote attacker could exploit a buffer overflow vulnerability in the device causing a denial of service that affects only the network initializing wizard (Conftool) service.
Published: 2025-07-21T09:31:04.713Z
Updated: 2025-11-03T19:59:05.914Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2025-41678 |
vulnerable | 2026-06-08 07:25:07.201019 |
SQL Injection via POST Requests Allowing Configuration Database Manipulation
MEDIUM (6.5)
A high privileged remote attacker can alter the configuration database via POST requests due to improper neutralization of special elements used in a SQL statement.
Published: 2025-07-21T09:30:44.484Z
Updated: 2025-11-03T19:59:04.559Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2025-41677 |
vulnerable | 2026-06-08 07:25:07.200566 |
Resource Exhaustion via POST Requests to send-mail Action
MEDIUM (4.9)
A high privileged remote attacker can exhaust critical system resources by sending specifically crafted POST requests to the send-mail action in fast succession.
Published: 2025-07-21T09:30:28.614Z
Updated: 2025-11-03T19:59:03.144Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2025-41676 |
vulnerable | 2026-06-08 07:25:07.199888 |
Resource Exhaustion via POST Requests to send-sms Action
MEDIUM (4.9)
A high privileged remote attacker can exhaust critical system resources by sending specifically crafted POST requests to the send-sms action in fast succession.
Published: 2025-07-21T09:30:07.473Z
Updated: 2025-11-03T19:59:01.738Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2025-41675 |
vulnerable | 2026-06-08 07:25:07.199243 |
Remote Command Injection via GET in Cloud Server Communication Script Due to Improper Input Neutralization
HIGH (7.2)
A high privileged remote attacker can execute arbitrary system commands via GET requests in the cloud server communication script due to improper neutralization of special elements used in an OS command.
Published: 2025-07-21T09:29:57.024Z
Updated: 2025-11-03T19:59:00.344Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2025-41674 |
vulnerable | 2026-06-08 07:25:07.198602 |
Remote Command Injection in diagnostic Action Due to Improper Input Neutralization
HIGH (7.2)
A high privileged remote attacker can execute arbitrary system commands via POST requests in the diagnostic action due to improper neutralization of special elements used in an OS command.
Published: 2025-07-21T09:29:43.181Z
Updated: 2025-11-03T19:58:58.776Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2025-41673 |
vulnerable | 2026-06-08 07:25:07.195125 |
Remote Command Injection in send_sms Action Due to Improper Input Neutralization
HIGH (7.2)
A high privileged remote attacker can execute arbitrary system commands via POST requests in the send_sms action due to improper neutralization of special elements used in an OS command.
Published: 2025-07-21T09:29:32.129Z
Updated: 2025-11-03T19:58:57.413Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-45276 |
vulnerable | 2026-06-08 06:45:55.799714 |
MB connect line/Helmholz: tmp directory exposed via webservice
HIGH (7.5)
An unauthenticated remote attacker can get read access to files in the "/tmp" directory due to missing authentication.
Published: 2024-10-15T10:28:58.559Z
Updated: 2025-01-24T06:32:08.237Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-45275 |
vulnerable | 2026-06-08 06:45:55.798889 |
MB connect line/Helmholz: Hardcoded user accounts with hard-coded passwords
CRITICAL (9.8)
The devices contain two hard coded user accounts with hardcoded passwords that allow an unauthenticated remote attacker for full control of the affected devices.
Published: 2024-10-15T10:28:37.223Z
Updated: 2024-10-16T17:39:58.106Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-45274 |
vulnerable | 2026-06-08 06:45:55.794295 |
MB connect line/Helmholz: Remote code execution via confnet service
CRITICAL (9.8)
An unauthenticated remote attacker can execute OS commands via UDP on the device due to missing authentication.
Published: 2024-10-15T10:28:16.384Z
Updated: 2025-11-03T19:30:51.547Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-45273 |
vulnerable | 2026-06-08 06:45:55.785208 |
MB connect line/Helmholz: Weak encryption of configuration file
HIGH (8.4)
An unauthenticated local attacker can decrypt the devices config file and therefore compromise the device due to a weak implementation of the encryption used.
Published: 2024-10-15T10:27:52.208Z
Updated: 2024-10-16T17:47:04.737Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-45271 |
vulnerable | 2026-06-08 06:45:55.754692 |
MB connect line/Helmholz: Remote code execution due to improper input validation
HIGH (8.4)
An unauthenticated local attacker can gain admin privileges by deploying a config file due to improper input validation.
Published: 2024-10-15T10:27:06.004Z
Updated: 2025-08-26T14:14:12.044Z |
Imported from gcve-enriched-dumps CVE data |
Contribute
You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.