GCVE - cpe:2.3:o:mbconnectline:mbnet.mini_firmware:*:*:*:*:*:*:*:*

Approved changes feed: RSS · Atom

cpe:2.3:o:mbconnectline:mbnet.mini_firmware:*:*:*:*:*:*:*:*

part: o version: * update: *

Vendor	Mbconnectline (`9053089b-610a-5565-bb20-e8df004a7da3`)
Product	Mbnet.Mini Firmware (`97fa829f-05cc-5ccd-a313-5cf04c1530d5`)
Edition	*
Language	*
Software edition	*
Target software	*
Target hardware	*
Other	*
Notes	Imported from gcve-enriched-dumps CVE data

PURL mappings

PURL	Source	Last updated
No PURL mappings for this CPE yet.

Vulnerability references

Identifier	cpeApplicability	Submitted	db.gcve.eu details	Rationale
`CVE:CVE-2025-41681`	vulnerable	2026-06-03 15:01:15.052928	Persistent Cross-Site Scripting via POST Requests Due to Improper Neutralization of Input MEDIUM (4.8) A high privileged remote attacker can gain persistent XSS via POST requests due to improper neutralization of special elements used to create dynamic content. Published: 2025-07-21T09:31:25.796Z Updated: 2025-11-03T19:59:07.270Z Open on db.gcve.eu Reference links https://certvde.com/de/advisories/VDE-2025-058	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2025-41679`	vulnerable	2026-06-03 15:01:15.052478	Unauthenticated Buffer Overflow in Conftool Service Leading to Denial of Service MEDIUM (5.3) An unauthenticated remote attacker could exploit a buffer overflow vulnerability in the device causing a denial of service that affects only the network initializing wizard (Conftool) service. Published: 2025-07-21T09:31:04.713Z Updated: 2025-11-03T19:59:05.914Z Open on db.gcve.eu Reference links https://certvde.com/de/advisories/VDE-2025-058	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2025-41678`	vulnerable	2026-06-03 15:01:15.051917	SQL Injection via POST Requests Allowing Configuration Database Manipulation MEDIUM (6.5) A high privileged remote attacker can alter the configuration database via POST requests due to improper neutralization of special elements used in a SQL statement. Published: 2025-07-21T09:30:44.484Z Updated: 2025-11-03T19:59:04.559Z Open on db.gcve.eu Reference links https://certvde.com/de/advisories/VDE-2025-058	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2025-41677`	vulnerable	2026-06-03 15:01:15.051393	Resource Exhaustion via POST Requests to send-mail Action MEDIUM (4.9) A high privileged remote attacker can exhaust critical system resources by sending specifically crafted POST requests to the send-mail action in fast succession. Published: 2025-07-21T09:30:28.614Z Updated: 2025-11-03T19:59:03.144Z Open on db.gcve.eu Reference links https://certvde.com/de/advisories/VDE-2025-058	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2025-41676`	vulnerable	2026-06-03 15:01:15.050834	Resource Exhaustion via POST Requests to send-sms Action MEDIUM (4.9) A high privileged remote attacker can exhaust critical system resources by sending specifically crafted POST requests to the send-sms action in fast succession. Published: 2025-07-21T09:30:07.473Z Updated: 2025-11-03T19:59:01.738Z Open on db.gcve.eu Reference links https://certvde.com/de/advisories/VDE-2025-058	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2025-41675`	vulnerable	2026-06-03 15:01:15.050129	Remote Command Injection via GET in Cloud Server Communication Script Due to Improper Input Neutralization HIGH (7.2) A high privileged remote attacker can execute arbitrary system commands via GET requests in the cloud server communication script due to improper neutralization of special elements used in an OS command. Published: 2025-07-21T09:29:57.024Z Updated: 2025-11-03T19:59:00.344Z Open on db.gcve.eu Reference links https://certvde.com/de/advisories/VDE-2025-058	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2025-41674`	vulnerable	2026-06-03 15:01:15.049568	Remote Command Injection in diagnostic Action Due to Improper Input Neutralization HIGH (7.2) A high privileged remote attacker can execute arbitrary system commands via POST requests in the diagnostic action due to improper neutralization of special elements used in an OS command. Published: 2025-07-21T09:29:43.181Z Updated: 2025-11-03T19:58:58.776Z Open on db.gcve.eu Reference links https://certvde.com/de/advisories/VDE-2025-058	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2025-41673`	vulnerable	2026-06-03 15:01:15.048029	Remote Command Injection in send_sms Action Due to Improper Input Neutralization HIGH (7.2) A high privileged remote attacker can execute arbitrary system commands via POST requests in the send_sms action due to improper neutralization of special elements used in an OS command. Published: 2025-07-21T09:29:32.129Z Updated: 2025-11-03T19:58:57.413Z Open on db.gcve.eu Reference links https://certvde.com/de/advisories/VDE-2025-058	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2024-45276`	vulnerable	2026-06-03 14:56:49.324922	MB connect line/Helmholz: tmp directory exposed via webservice HIGH (7.5) An unauthenticated remote attacker can get read access to files in the "/tmp" directory due to missing authentication. Published: 2024-10-15T10:28:58.559Z Updated: 2025-01-24T06:32:08.237Z Open on db.gcve.eu Reference links https://cert.vde.com/en/advisories/VDE-2024-056 https://cert.vde.com/en/advisories/VDE-2024-066	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2024-45275`	vulnerable	2026-06-03 14:56:49.324282	MB connect line/Helmholz: Hardcoded user accounts with hard-coded passwords CRITICAL (9.8) The devices contain two hard coded user accounts with hardcoded passwords that allow an unauthenticated remote attacker for full control of the affected devices. Published: 2024-10-15T10:28:37.223Z Updated: 2024-10-16T17:39:58.106Z Open on db.gcve.eu Reference links https://cert.vde.com/en/advisories/VDE-2024-056 https://cert.vde.com/en/advisories/VDE-2024-066	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2024-45274`	vulnerable	2026-06-03 14:56:49.323391	MB connect line/Helmholz: Remote code execution via confnet service CRITICAL (9.8) An unauthenticated remote attacker can execute OS commands via UDP on the device due to missing authentication. Published: 2024-10-15T10:28:16.384Z Updated: 2025-11-03T19:30:51.547Z Open on db.gcve.eu Reference links https://cert.vde.com/en/advisories/VDE-2024-056 https://cert.vde.com/en/advisories/VDE-2024-066	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2024-45273`	vulnerable	2026-06-03 14:56:49.318689	MB connect line/Helmholz: Weak encryption of configuration file HIGH (8.4) An unauthenticated local attacker can decrypt the devices config file and therefore compromise the device due to a weak implementation of the encryption used. Published: 2024-10-15T10:27:52.208Z Updated: 2024-10-16T17:47:04.737Z Open on db.gcve.eu Reference links https://cert.vde.com/en/advisories/VDE-2024-056 https://cert.vde.com/en/advisories/VDE-2024-066 https://cert.vde.com/en/advisories/VDE-2024-068 https://cert.vde.com/en/advisories/VDE-2024-069	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2024-45271`	vulnerable	2026-06-03 14:56:49.273987	MB connect line/Helmholz: Remote code execution due to improper input validation HIGH (8.4) An unauthenticated local attacker can gain admin privileges by deploying a config file due to improper input validation. Published: 2024-10-15T10:27:06.004Z Updated: 2025-08-26T14:14:12.044Z Open on db.gcve.eu Reference links https://cert.vde.com/en/advisories/VDE-2024-056 https://cert.vde.com/en/advisories/VDE-2024-066	Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.