Mbnet Mini Firmware
CVE-2024-45271
HIGH
Severity by source
AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Lifecycle Timeline
1DescriptionNVD
An unauthenticated local attacker can gain admin privileges by deploying a config file due to improper input validation.
AnalysisAI
An unauthenticated local attacker can gain admin privileges by deploying a config file due to improper input validation. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.
Technical ContextAI
This vulnerability is classified as Code Injection (CWE-94), which allows attackers to inject and execute arbitrary code within the application. An unauthenticated local attacker can gain admin privileges by deploying a config file due to improper input validation. Affected products include: Mbconnectline Mbnet.Mini Firmware, Helmholz Rex 100 Firmware.
RemediationAI
No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Never evaluate user-controlled input as code. Use sandboxing, disable dangerous functions, apply strict input validation.
More in Mbnet Mini Firmware
View allThe devices contain two hard coded user accounts with hardcoded passwords that allow an unauthenticated remote attacker
An unauthenticated remote attacker can execute OS commands via UDP on the device due to missing authentication. Rated cr
An unauthenticated local attacker can decrypt the devices config file and therefore compromise the device due to a weak
An unauthenticated remote attacker can get read access to files in the "/tmp" directory due to missing authentication. R
Same weakness CWE-94 – Code Injection
View allSame technique Code Injection
View allShare
External POC / Exploit Code
Leaving vuln.today