Remote Command Injection in diagnostic Action Due to Improper Input Neutralization

July 21, 2025 invoker category_cve

CVE Details

Basic Information

Title Remote Command Injection in diagnostic Action Due to Improper Input Neutralization
Type cve
Published 2025-07-21T09:29:43.181Z
Modified 2025-07-21T09:29:43.181Z

Product Information

Vendor MB connect line
Product mbNET.mini
Version 0.0.0

CVSS Information

Base Score 7.2 (HIGH)
Attack Vector CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

AI Analysis

AI Description A high-privileged remote attacker can execute arbitrary system commands via POST requests in the diagnostic action due to improper input neutralization.
AI Severity High
AI Vendor MB connect line
AI Product mbNET.mini
AI Version 0.0.0

Affected Products

  • MB connect line mbNET.mini 0.0.0
  • Helmholz REX 100 0.0.0

Additional Information

CWE List CWE-78
Source CERTVDE

Description

A high privileged remote attacker can execute arbitrary system commands via POST requests in the diagnostic action due to improper neutralization of special elements used in an OS command.

💭 Join the Security Discussion

🔒 Your email address will not be published. Required fields are marked *

⚠️ Please be respectful and constructive in your comments. Security discussions should remain professional.