Description
In MB connect line mbDIALUP versions <= 3.9R0.0, a remote attacker can send a specially crafted HTTP request to the service, which runs as NT AUTHORITY\SYSTEM and does not correctly validate the input. This can lead to arbitrary code execution with the privileges of the service.
References (1)
Core References
Third Party Advisory x_refsource_confirm
https://cert.vde.com/de-de/advisories/vde-2021-017
Scores
CVSS v3: 9.8
EPSS: 0.0452
EPSS Percentile: 90.3%
Attack Vector: NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Details
CWE: CWE-20
Status: published
Products (1): mbconnectline/mbdialup < 3.9r0.0
Published: Aug 02, 2021
Tracked Since: Feb 18, 2026