19 vulnerabilities found for REX 100 by Helmholz
CVE-2025-41681 (GCVE-0-2025-41681)
Vulnerability from nvd – Published: 2025-07-21 09:31 – Updated: 2025-11-03 19:59
Title
Persistent Cross-Site Scripting via POST Requests Due to Improper Neutralization of Input
Summary
A high privileged remote attacker can gain persistent XSS via POST requests due to improper neutralization of special elements used to create dynamic content.
Severity ?
4.8 (Medium)
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Assigner
References
Impacted products
| Vendor | Product | Version |
|---|---|---|
| MB connect line | mbNET.mini | Affected: 0.0.0, < 2.3.3 (semver) |
| Helmholz | REX 100 | Affected: 0.0.0, < 2.3.3 (semver) |
Credits
F. Bruckmoser, M. Eder, J. Heigl, M. Heudorn, G. Hofmarcher, M. Kadlec, M. Pristauz-Telsnigg, S. Resch, P. Schweinzer, M. Gschiel from St. Poelten UAS
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-41681",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-07-21T12:30:26.217066Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-07-21T12:30:37.772Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2025-11-03T19:59:07.270Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "http://seclists.org/fulldisclosure/2025/Jul/38"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "mbNET.mini",
"vendor": "MB connect line",
"versions": [
{
"lessThan": "2.3.3",
"status": "affected",
"version": "0.0.0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "REX 100",
"vendor": "Helmholz",
"versions": [
{
"lessThan": "2.3.3",
"status": "affected",
"version": "0.0.0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "F. Bruckmoser, M. Eder, J. Heigl, M. Heudorn, G. Hofmarcher, M. Kadlec, M. Pristauz-Telsnigg, S. Resch, P. Schweinzer, M. Gschiel from St. Poelten UAS"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "A high privileged remote attacker can gain persistent XSS via POST requests due to improper neutralization of special elements used to create dynamic content.\u003cbr\u003e"
}
],
"value": "A high privileged remote attacker can gain persistent XSS via POST requests due to improper neutralization of special elements used to create dynamic content."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-07-21T09:31:25.796Z",
"orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
"shortName": "CERTVDE"
},
"references": [
{
"url": "https://certvde.com/de/advisories/VDE-2025-058"
}
],
"source": {
"advisory": "VDE-2025-058, VDE-2025-059",
"defect": [
"CERT@VDE#641816",
"CERT@VDE#641817"
],
"discovery": "UNKNOWN"
},
"title": "Persistent Cross-Site Scripting via POST Requests Due to Improper Neutralization of Input",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
"assignerShortName": "CERTVDE",
"cveId": "CVE-2025-41681",
"datePublished": "2025-07-21T09:31:25.796Z",
"dateReserved": "2025-04-16T11:17:48.308Z",
"dateUpdated": "2025-11-03T19:59:07.270Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-41679 (GCVE-0-2025-41679)
Vulnerability from nvd – Published: 2025-07-21 09:31 – Updated: 2025-11-03 19:59
Title
Unauthenticated Buffer Overflow in Conftool Service Leading to Denial of Service
Summary
An unauthenticated remote attacker could exploit a buffer overflow vulnerability in the device causing a denial of service that affects only the network initializing wizard (Conftool) service.
Severity ?
5.3 (Medium)
CWE
- CWE-787 - Out-of-bounds Write
Assigner
References
Impacted products
| Vendor | Product | Version |
|---|---|---|
| MB connect line | mbNET.mini | Affected: 0.0.0, < 2.3.3 (semver) |
| Helmholz | REX 100 | Affected: 0.0.0, < 2.3.3 (semver) |
Credits
F. Bruckmoser, M. Eder, J. Heigl, M. Heudorn, G. Hofmarcher, M. Kadlec, M. Pristauz-Telsnigg, S. Resch, P. Schweinzer, M. Gschiel from St. Poelten UAS
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-41679",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-07-21T12:30:59.892256Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-07-21T12:31:24.437Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2025-11-03T19:59:05.914Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "http://seclists.org/fulldisclosure/2025/Jul/38"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "mbNET.mini",
"vendor": "MB connect line",
"versions": [
{
"lessThan": "2.3.3",
"status": "affected",
"version": "0.0.0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "REX 100",
"vendor": "Helmholz",
"versions": [
{
"lessThan": "2.3.3",
"status": "affected",
"version": "0.0.0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "F. Bruckmoser, M. Eder, J. Heigl, M. Heudorn, G. Hofmarcher, M. Kadlec, M. Pristauz-Telsnigg, S. Resch, P. Schweinzer, M. Gschiel from St. Poelten UAS"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "An unauthenticated remote attacker could exploit a buffer overflow vulnerability in the device causing a denial of service that affects only the network initializing wizard (Conftool) service.\u003cbr\u003e"
}
],
"value": "An unauthenticated remote attacker could exploit a buffer overflow vulnerability in the device causing a denial of service that affects only the network initializing wizard (Conftool) service."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-787",
"description": "CWE-787 Out-of-bounds Write",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-07-21T09:31:04.713Z",
"orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
"shortName": "CERTVDE"
},
"references": [
{
"url": "https://certvde.com/de/advisories/VDE-2025-058"
}
],
"source": {
"advisory": "VDE-2025-058, VDE-2025-059",
"defect": [
"CERT@VDE#641816",
"CERT@VDE#641817"
],
"discovery": "UNKNOWN"
},
"title": "Unauthenticated Buffer Overflow in Conftool Service Leading to Denial of Service",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
"assignerShortName": "CERTVDE",
"cveId": "CVE-2025-41679",
"datePublished": "2025-07-21T09:31:04.713Z",
"dateReserved": "2025-04-16T11:17:48.308Z",
"dateUpdated": "2025-11-03T19:59:05.914Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-41678 (GCVE-0-2025-41678)
Vulnerability from nvd – Published: 2025-07-21 09:30 – Updated: 2025-11-03 19:59
Title
SQL Injection via POST Requests Allowing Configuration Database Manipulation
Summary
A high privileged remote attacker can alter the configuration database via POST requests due to improper neutralization of special elements used in a SQL statement.
Severity ?
6.5 (Medium)
CWE
- CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
Assigner
References
Impacted products
| Vendor | Product | Version |
|---|---|---|
| MB connect line | mbNET.mini | Affected: 0.0.0, < 2.3.3 (semver) |
| Helmholz | REX 100 | Affected: 0.0.0, < 2.3.3 (semver) |
Credits
F. Bruckmoser, M. Eder, J. Heigl, M. Heudorn, G. Hofmarcher, M. Kadlec, M. Pristauz-Telsnigg, S. Resch, P. Schweinzer, M. Gschiel from St. Poelten UAS
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-41678",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-07-21T12:32:03.780398Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-07-21T12:32:09.542Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2025-11-03T19:59:04.559Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "http://seclists.org/fulldisclosure/2025/Jul/38"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "mbNET.mini",
"vendor": "MB connect line",
"versions": [
{
"lessThan": "2.3.3",
"status": "affected",
"version": "0.0.0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "REX 100",
"vendor": "Helmholz",
"versions": [
{
"lessThan": "2.3.3",
"status": "affected",
"version": "0.0.0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "F. Bruckmoser, M. Eder, J. Heigl, M. Heudorn, G. Hofmarcher, M. Kadlec, M. Pristauz-Telsnigg, S. Resch, P. Schweinzer, M. Gschiel from St. Poelten UAS"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "A high privileged remote attacker can alter the configuration database via POST requests due to improper neutralization of special elements used in a SQL statement.\u003cbr\u003e"
}
],
"value": "A high privileged remote attacker can alter the configuration database via POST requests due to improper neutralization of special elements used in a SQL statement."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-89",
"description": "CWE-89 Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-07-21T09:30:44.484Z",
"orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
"shortName": "CERTVDE"
},
"references": [
{
"url": "https://certvde.com/de/advisories/VDE-2025-058"
}
],
"source": {
"advisory": "VDE-2025-058, VDE-2025-059",
"defect": [
"CERT@VDE#641816",
"CERT@VDE#641817"
],
"discovery": "UNKNOWN"
},
"title": "SQL Injection via POST Requests Allowing Configuration Database Manipulation",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
"assignerShortName": "CERTVDE",
"cveId": "CVE-2025-41678",
"datePublished": "2025-07-21T09:30:44.484Z",
"dateReserved": "2025-04-16T11:17:48.308Z",
"dateUpdated": "2025-11-03T19:59:04.559Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-41677 (GCVE-0-2025-41677)
Vulnerability from nvd – Published: 2025-07-21 09:30 – Updated: 2025-11-03 19:59
Title
Resource Exhaustion via POST Requests to send-mail Action
Summary
A high privileged remote attacker can exhaust critical system resources by sending specifically crafted POST requests to the send-mail action in fast succession.
Severity ?
4.9 (Medium)
CWE
- CWE-400 - Uncontrolled Resource Consumption
Assigner
References
Impacted products
| Vendor | Product | Version |
|---|---|---|
| MB connect line | mbNET.mini | Affected: 0.0.0, < 2.3.3 (semver) |
| Helmholz | REX 100 | Affected: 0.0.0, < 2.3.3 (semver) |
Credits
F. Bruckmoser, M. Eder, J. Heigl, M. Heudorn, G. Hofmarcher, M. Kadlec, M. Pristauz-Telsnigg, S. Resch, P. Schweinzer, M. Gschiel from St. Poelten UAS
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-41677",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-07-21T15:00:24.440243Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-07-21T20:36:33.574Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2025-11-03T19:59:03.144Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "http://seclists.org/fulldisclosure/2025/Jul/38"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "mbNET.mini",
"vendor": "MB connect line",
"versions": [
{
"lessThan": "2.3.3",
"status": "affected",
"version": "0.0.0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "REX 100",
"vendor": "Helmholz",
"versions": [
{
"lessThan": "2.3.3",
"status": "affected",
"version": "0.0.0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "F. Bruckmoser, M. Eder, J. Heigl, M. Heudorn, G. Hofmarcher, M. Kadlec, M. Pristauz-Telsnigg, S. Resch, P. Schweinzer, M. Gschiel from St. Poelten UAS"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "A high privileged remote attacker can exhaust critical system resources by sending specifically crafted POST requests to the send-mail action in fast succession.\u003cbr\u003e"
}
],
"value": "A high privileged remote attacker can exhaust critical system resources by sending specifically crafted POST requests to the send-mail action in fast succession."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 4.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-400",
"description": "CWE-400 Uncontrolled Resource Consumption",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-07-21T09:30:28.614Z",
"orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
"shortName": "CERTVDE"
},
"references": [
{
"url": "https://certvde.com/de/advisories/VDE-2025-058"
}
],
"source": {
"advisory": "VDE-2025-058, VDE-2025-059",
"defect": [
"CERT@VDE#641816",
"CERT@VDE#641817"
],
"discovery": "UNKNOWN"
},
"title": "Resource Exhaustion via POST Requests to send-mail Action",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
"assignerShortName": "CERTVDE",
"cveId": "CVE-2025-41677",
"datePublished": "2025-07-21T09:30:28.614Z",
"dateReserved": "2025-04-16T11:17:48.308Z",
"dateUpdated": "2025-11-03T19:59:03.144Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-41676 (GCVE-0-2025-41676)
Vulnerability from nvd – Published: 2025-07-21 09:30 – Updated: 2025-11-03 19:59
Title
Resource Exhaustion via POST Requests to send-sms Action
Summary
A high privileged remote attacker can exhaust critical system resources by sending specifically crafted POST requests to the send-sms action in fast succession.
Severity ?
4.9 (Medium)
CWE
- CWE-400 - Uncontrolled Resource Consumption
Assigner
References
Impacted products
| Vendor | Product | Version |
|---|---|---|
| MB connect line | mbNET.mini | Affected: 0.0.0, < 2.3.3 (semver) |
| Helmholz | REX 100 | Affected: 0.0.0, < 2.3.3 (semver) |
Credits
F. Bruckmoser, M. Eder, J. Heigl, M. Heudorn, G. Hofmarcher, M. Kadlec, M. Pristauz-Telsnigg, S. Resch, P. Schweinzer, M. Gschiel from St. Poelten UAS
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-41676",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-07-21T15:00:32.085015Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-07-21T20:36:39.497Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2025-11-03T19:59:01.738Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "http://seclists.org/fulldisclosure/2025/Jul/38"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "mbNET.mini",
"vendor": "MB connect line",
"versions": [
{
"lessThan": "2.3.3",
"status": "affected",
"version": "0.0.0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "REX 100",
"vendor": "Helmholz",
"versions": [
{
"lessThan": "2.3.3",
"status": "affected",
"version": "0.0.0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "F. Bruckmoser, M. Eder, J. Heigl, M. Heudorn, G. Hofmarcher, M. Kadlec, M. Pristauz-Telsnigg, S. Resch, P. Schweinzer, M. Gschiel from St. Poelten UAS"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "A high privileged remote attacker can exhaust critical system resources by sending specifically crafted POST requests to the send-sms action in fast succession.\u003cbr\u003e"
}
],
"value": "A high privileged remote attacker can exhaust critical system resources by sending specifically crafted POST requests to the send-sms action in fast succession."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 4.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-400",
"description": "CWE-400 Uncontrolled Resource Consumption",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-07-21T09:30:07.473Z",
"orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
"shortName": "CERTVDE"
},
"references": [
{
"url": "https://certvde.com/de/advisories/VDE-2025-058"
}
],
"source": {
"advisory": "VDE-2025-058, VDE-2025-059",
"defect": [
"CERT@VDE#641816",
"CERT@VDE#641817"
],
"discovery": "UNKNOWN"
},
"title": "Resource Exhaustion via POST Requests to send-sms Action",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
"assignerShortName": "CERTVDE",
"cveId": "CVE-2025-41676",
"datePublished": "2025-07-21T09:30:07.473Z",
"dateReserved": "2025-04-16T11:17:48.308Z",
"dateUpdated": "2025-11-03T19:59:01.738Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-41675 (GCVE-0-2025-41675)
Vulnerability from nvd – Published: 2025-07-21 09:29 – Updated: 2025-11-03 19:59
Title
Remote Command Injection via GET in Cloud Server Communication Script Due to Improper Input Neutralization
Summary
A high privileged remote attacker can execute arbitrary system commands via GET requests in the cloud server communication script due to improper neutralization of special elements used in an OS command.
Severity ?
7.2 (High)
CWE
- CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
Assigner
References
Impacted products
| Vendor | Product | Version |
|---|---|---|
| MB connect line | mbNET.mini | Affected: 0.0.0, < 2.3.3 (semver) |
| Helmholz | REX 100 | Affected: 0.0.0, < 2.3.3 (semver) |
Credits
F. Bruckmoser, M. Eder, J. Heigl, M. Heudorn, G. Hofmarcher, M. Kadlec, M. Pristauz-Telsnigg, S. Resch, P. Schweinzer, M. Gschiel from St. Poelten UAS
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-41675",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-07-21T15:00:42.591445Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-07-21T20:36:45.460Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2025-11-03T19:59:00.344Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "http://seclists.org/fulldisclosure/2025/Jul/38"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "mbNET.mini",
"vendor": "MB connect line",
"versions": [
{
"lessThan": "2.3.3",
"status": "affected",
"version": "0.0.0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "REX 100",
"vendor": "Helmholz",
"versions": [
{
"lessThan": "2.3.3",
"status": "affected",
"version": "0.0.0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "F. Bruckmoser, M. Eder, J. Heigl, M. Heudorn, G. Hofmarcher, M. Kadlec, M. Pristauz-Telsnigg, S. Resch, P. Schweinzer, M. Gschiel from St. Poelten UAS"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "A high privileged remote attacker can execute arbitrary system commands via GET requests in the cloud server communication script due to improper neutralization of special elements used in an OS command.\u003cbr\u003e"
}
],
"value": "A high privileged remote attacker can execute arbitrary system commands via GET requests in the cloud server communication script due to improper neutralization of special elements used in an OS command."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-78",
"description": "CWE-78 Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-07-21T09:29:57.024Z",
"orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
"shortName": "CERTVDE"
},
"references": [
{
"url": "https://certvde.com/de/advisories/VDE-2025-058"
}
],
"source": {
"advisory": "VDE-2025-058, VDE-2025-059",
"defect": [
"CERT@VDE#641816",
"CERT@VDE#641817"
],
"discovery": "UNKNOWN"
},
"title": "Remote Command Injection via GET in Cloud Server Communication Script Due to Improper Input Neutralization",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
"assignerShortName": "CERTVDE",
"cveId": "CVE-2025-41675",
"datePublished": "2025-07-21T09:29:57.024Z",
"dateReserved": "2025-04-16T11:17:48.308Z",
"dateUpdated": "2025-11-03T19:59:00.344Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-41674 (GCVE-0-2025-41674)
Vulnerability from nvd – Published: 2025-07-21 09:29 – Updated: 2025-11-03 19:58
Title
Remote Command Injection in diagnostic Action Due to Improper Input Neutralization
Summary
A high privileged remote attacker can execute arbitrary system commands via POST requests in the diagnostic action due to improper neutralization of special elements used in an OS command.
Severity ?
7.2 (High)
CWE
- CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
Assigner
References
Impacted products
| Vendor | Product | Version |
|---|---|---|
| MB connect line | mbNET.mini | Affected: 0.0.0, < 2.3.3 (semver) |
| Helmholz | REX 100 | Affected: 0.0.0, < 2.3.3 (semver) |
Credits
F. Bruckmoser, M. Eder, J. Heigl, M. Heudorn, G. Hofmarcher, M. Kadlec, M. Pristauz-Telsnigg, S. Resch, P. Schweinzer, M. Gschiel from St. Poelten UAS
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-41674",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-07-21T17:04:43.501527Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-07-21T17:05:33.656Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2025-11-03T19:58:58.776Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "http://seclists.org/fulldisclosure/2025/Jul/38"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "mbNET.mini",
"vendor": "MB connect line",
"versions": [
{
"lessThan": "2.3.3",
"status": "affected",
"version": "0.0.0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "REX 100",
"vendor": "Helmholz",
"versions": [
{
"lessThan": "2.3.3",
"status": "affected",
"version": "0.0.0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "F. Bruckmoser, M. Eder, J. Heigl, M. Heudorn, G. Hofmarcher, M. Kadlec, M. Pristauz-Telsnigg, S. Resch, P. Schweinzer, M. Gschiel from St. Poelten UAS"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "A high privileged remote attacker can execute arbitrary system commands via POST requests in the diagnostic action due to improper neutralization of special elements used in an OS command.\u003cbr\u003e"
}
],
"value": "A high privileged remote attacker can execute arbitrary system commands via POST requests in the diagnostic action due to improper neutralization of special elements used in an OS command."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-78",
"description": "CWE-78 Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-07-21T09:29:43.181Z",
"orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
"shortName": "CERTVDE"
},
"references": [
{
"url": "https://certvde.com/de/advisories/VDE-2025-058"
}
],
"source": {
"advisory": "VDE-2025-058, VDE-2025-059",
"defect": [
"CERT@VDE#641816",
"CERT@VDE#641817"
],
"discovery": "UNKNOWN"
},
"title": "Remote Command Injection in diagnostic Action Due to Improper Input Neutralization",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
"assignerShortName": "CERTVDE",
"cveId": "CVE-2025-41674",
"datePublished": "2025-07-21T09:29:43.181Z",
"dateReserved": "2025-04-16T11:17:48.308Z",
"dateUpdated": "2025-11-03T19:58:58.776Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-41673 (GCVE-0-2025-41673)
Vulnerability from nvd – Published: 2025-07-21 09:29 – Updated: 2025-11-03 19:58
Title
Remote Command Injection in send_sms Action Due to Improper Input Neutralization
Summary
A high privileged remote attacker can execute arbitrary system commands via POST requests in the send_sms action due to improper neutralization of special elements used in an OS command.
Severity ?
7.2 (High)
CWE
- CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
Assigner
References
Impacted products
| Vendor | Product | Version |
|---|---|---|
| MB connect line | mbNET.mini | Affected: 0.0.0, < 2.3.3 (semver) |
| Helmholz | REX 100 | Affected: 0.0.0, < 2.3.3 (semver) |
Credits
F. Bruckmoser, M. Eder, J. Heigl, M. Heudorn, G. Hofmarcher, M. Kadlec, M. Pristauz-Telsnigg, S. Resch, P. Schweinzer, M. Gschiel from St. Poelten UAS
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-41673",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-07-21T17:05:45.438732Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-07-21T17:06:11.768Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2025-11-03T19:58:57.413Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "http://seclists.org/fulldisclosure/2025/Jul/38"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "mbNET.mini",
"vendor": "MB connect line",
"versions": [
{
"lessThan": "2.3.3",
"status": "affected",
"version": "0.0.0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "REX 100",
"vendor": "Helmholz",
"versions": [
{
"lessThan": "2.3.3",
"status": "affected",
"version": "0.0.0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "F. Bruckmoser, M. Eder, J. Heigl, M. Heudorn, G. Hofmarcher, M. Kadlec, M. Pristauz-Telsnigg, S. Resch, P. Schweinzer, M. Gschiel from St. Poelten UAS"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "A high privileged remote attacker can execute arbitrary system commands via POST requests in the send_sms action due to improper neutralization of special elements used in an OS command.\u003cbr\u003e"
}
],
"value": "A high privileged remote attacker can execute arbitrary system commands via POST requests in the send_sms action due to improper neutralization of special elements used in an OS command."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-78",
"description": "CWE-78 Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-07-21T09:29:32.129Z",
"orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
"shortName": "CERTVDE"
},
"references": [
{
"url": "https://certvde.com/de/advisories/VDE-2025-058"
}
],
"source": {
"advisory": "VDE-2025-058, VDE-2025-059",
"defect": [
"CERT@VDE#641816",
"CERT@VDE#641817"
],
"discovery": "UNKNOWN"
},
"title": "Remote Command Injection in send_sms Action Due to Improper Input Neutralization",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
"assignerShortName": "CERTVDE",
"cveId": "CVE-2025-41673",
"datePublished": "2025-07-21T09:29:32.129Z",
"dateReserved": "2025-04-16T11:17:48.308Z",
"dateUpdated": "2025-11-03T19:58:57.413Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2024-5672 (GCVE-0-2024-5672)
Vulnerability from nvd – Published: 2024-07-03 12:26 – Updated: 2025-02-13 17:54
Title
Red Lion Europe: mbNET.mini vulnerable to OS command injection
Summary
A high privileged remote attacker can execute arbitrary system commands via GET requests due to improper neutralization of special elements used in an OS command.
Severity ?
7.2 (High)
CWE
- CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
Assigner
References
Impacted products
| Vendor | Product | Version |
|---|---|---|
| Red Lion Europe | mbNET.mini | Affected: 0, ≤ 2.2.11 (semver) |
| Helmholz | REX 100 | Affected: 0, ≤ 2.2.11 (semver) |
Credits
Sebastian Dietz
CyberDanube
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:helmholz:rex_100_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "rex_100_firmware",
"vendor": "helmholz",
"versions": [
{
"lessThanOrEqual": "2.2.11",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:redlion:mbnet_mini:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "mbnet_mini",
"vendor": "redlion",
"versions": [
{
"lessThanOrEqual": "2.2.11",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-5672",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-07-11T19:03:51.830907Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-07-11T19:49:42.244Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-01T21:18:06.930Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://cert.vde.com/en/advisories/VDE-2024-030"
},
{
"tags": [
"x_transferred"
],
"url": "https://cert.vde.com/en/advisories/VDE-2024-032"
},
{
"tags": [
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2024/Jul/6"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "mbNET.mini",
"vendor": "Red Lion Europe",
"versions": [
{
"lessThanOrEqual": "2.2.11",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "REX 100",
"vendor": "Helmholz",
"versions": [
{
"lessThanOrEqual": "2.2.11",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Sebastian Dietz"
},
{
"lang": "en",
"type": "reporter",
"user": "00000000-0000-4000-9000-000000000000",
"value": "CyberDanube"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "A high privileged remote attacker can\u0026nbsp;execute arbitrary system commands via GET requests due to improper neutralization of special elements used in an OS command.\u003cbr\u003e"
}
],
"value": "A high privileged remote attacker can\u00a0execute arbitrary system commands via GET requests due to improper neutralization of special elements used in an OS command."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-78",
"description": "CWE-78 Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-07-04T06:06:11.012Z",
"orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
"shortName": "CERTVDE"
},
"references": [
{
"url": "https://cert.vde.com/en/advisories/VDE-2024-030"
},
{
"url": "https://cert.vde.com/en/advisories/VDE-2024-032"
},
{
"url": "http://seclists.org/fulldisclosure/2024/Jul/6"
}
],
"source": {
"advisory": "VDE-2024-030",
"defect": [
"CERT@VDE#641635"
],
"discovery": "UNKNOWN"
},
"title": "Red Lion Europe: mbNET.mini vulnerable to OS command injection",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
"assignerShortName": "CERTVDE",
"cveId": "CVE-2024-5672",
"datePublished": "2024-07-03T12:26:44.599Z",
"dateReserved": "2024-06-06T07:27:39.719Z",
"dateUpdated": "2025-02-13T17:54:25.437Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-41681 (GCVE-0-2025-41681)
Vulnerability from cvelistv5 – Published: 2025-07-21 09:31 – Updated: 2025-11-03 19:59
Title
Persistent Cross-Site Scripting via POST Requests Due to Improper Neutralization of Input
Summary
A high privileged remote attacker can gain persistent XSS via POST requests due to improper neutralization of special elements used to create dynamic content.
Severity ?
4.8 (Medium)
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Assigner
References
Impacted products
| Vendor | Product | Version |
|---|---|---|
| MB connect line | mbNET.mini | Affected: 0.0.0, < 2.3.3 (semver) |
| Helmholz | REX 100 | Affected: 0.0.0, < 2.3.3 (semver) |
Credits
F. Bruckmoser, M. Eder, J. Heigl, M. Heudorn, G. Hofmarcher, M. Kadlec, M. Pristauz-Telsnigg, S. Resch, P. Schweinzer, M. Gschiel from St. Poelten UAS
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-41681",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-07-21T12:30:26.217066Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-07-21T12:30:37.772Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2025-11-03T19:59:07.270Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "http://seclists.org/fulldisclosure/2025/Jul/38"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "mbNET.mini",
"vendor": "MB connect line",
"versions": [
{
"lessThan": "2.3.3",
"status": "affected",
"version": "0.0.0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "REX 100",
"vendor": "Helmholz",
"versions": [
{
"lessThan": "2.3.3",
"status": "affected",
"version": "0.0.0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "F. Bruckmoser, M. Eder, J. Heigl, M. Heudorn, G. Hofmarcher, M. Kadlec, M. Pristauz-Telsnigg, S. Resch, P. Schweinzer, M. Gschiel from St. Poelten UAS"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "A high privileged remote attacker can gain persistent XSS via POST requests due to improper neutralization of special elements used to create dynamic content.\u003cbr\u003e"
}
],
"value": "A high privileged remote attacker can gain persistent XSS via POST requests due to improper neutralization of special elements used to create dynamic content."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-07-21T09:31:25.796Z",
"orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
"shortName": "CERTVDE"
},
"references": [
{
"url": "https://certvde.com/de/advisories/VDE-2025-058"
}
],
"source": {
"advisory": "VDE-2025-058, VDE-2025-059",
"defect": [
"CERT@VDE#641816",
"CERT@VDE#641817"
],
"discovery": "UNKNOWN"
},
"title": "Persistent Cross-Site Scripting via POST Requests Due to Improper Neutralization of Input",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
"assignerShortName": "CERTVDE",
"cveId": "CVE-2025-41681",
"datePublished": "2025-07-21T09:31:25.796Z",
"dateReserved": "2025-04-16T11:17:48.308Z",
"dateUpdated": "2025-11-03T19:59:07.270Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-41679 (GCVE-0-2025-41679)
Vulnerability from cvelistv5 – Published: 2025-07-21 09:31 – Updated: 2025-11-03 19:59
Title
Unauthenticated Buffer Overflow in Conftool Service Leading to Denial of Service
Summary
An unauthenticated remote attacker could exploit a buffer overflow vulnerability in the device causing a denial of service that affects only the network initializing wizard (Conftool) service.
Severity ?
5.3 (Medium)
CWE
- CWE-787 - Out-of-bounds Write
Assigner
References
Impacted products
| Vendor | Product | Version |
|---|---|---|
| MB connect line | mbNET.mini | Affected: 0.0.0, < 2.3.3 (semver) |
| Helmholz | REX 100 | Affected: 0.0.0, < 2.3.3 (semver) |
Credits
F. Bruckmoser, M. Eder, J. Heigl, M. Heudorn, G. Hofmarcher, M. Kadlec, M. Pristauz-Telsnigg, S. Resch, P. Schweinzer, M. Gschiel from St. Poelten UAS
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-41679",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-07-21T12:30:59.892256Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-07-21T12:31:24.437Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2025-11-03T19:59:05.914Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "http://seclists.org/fulldisclosure/2025/Jul/38"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "mbNET.mini",
"vendor": "MB connect line",
"versions": [
{
"lessThan": "2.3.3",
"status": "affected",
"version": "0.0.0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "REX 100",
"vendor": "Helmholz",
"versions": [
{
"lessThan": "2.3.3",
"status": "affected",
"version": "0.0.0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "F. Bruckmoser, M. Eder, J. Heigl, M. Heudorn, G. Hofmarcher, M. Kadlec, M. Pristauz-Telsnigg, S. Resch, P. Schweinzer, M. Gschiel from St. Poelten UAS"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "An unauthenticated remote attacker could exploit a buffer overflow vulnerability in the device causing a denial of service that affects only the network initializing wizard (Conftool) service.\u003cbr\u003e"
}
],
"value": "An unauthenticated remote attacker could exploit a buffer overflow vulnerability in the device causing a denial of service that affects only the network initializing wizard (Conftool) service."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-787",
"description": "CWE-787 Out-of-bounds Write",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-07-21T09:31:04.713Z",
"orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
"shortName": "CERTVDE"
},
"references": [
{
"url": "https://certvde.com/de/advisories/VDE-2025-058"
}
],
"source": {
"advisory": "VDE-2025-058, VDE-2025-059",
"defect": [
"CERT@VDE#641816",
"CERT@VDE#641817"
],
"discovery": "UNKNOWN"
},
"title": "Unauthenticated Buffer Overflow in Conftool Service Leading to Denial of Service",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
"assignerShortName": "CERTVDE",
"cveId": "CVE-2025-41679",
"datePublished": "2025-07-21T09:31:04.713Z",
"dateReserved": "2025-04-16T11:17:48.308Z",
"dateUpdated": "2025-11-03T19:59:05.914Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-41678 (GCVE-0-2025-41678)
Vulnerability from cvelistv5 – Published: 2025-07-21 09:30 – Updated: 2025-11-03 19:59
Title
SQL Injection via POST Requests Allowing Configuration Database Manipulation
Summary
A high privileged remote attacker can alter the configuration database via POST requests due to improper neutralization of special elements used in a SQL statement.
Severity ?
6.5 (Medium)
CWE
- CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
Assigner
References
Impacted products
| Vendor | Product | Version |
|---|---|---|
| MB connect line | mbNET.mini | Affected: 0.0.0, < 2.3.3 (semver) |
| Helmholz | REX 100 | Affected: 0.0.0, < 2.3.3 (semver) |
Credits
F. Bruckmoser, M. Eder, J. Heigl, M. Heudorn, G. Hofmarcher, M. Kadlec, M. Pristauz-Telsnigg, S. Resch, P. Schweinzer, M. Gschiel from St. Poelten UAS
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-41678",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-07-21T12:32:03.780398Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-07-21T12:32:09.542Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2025-11-03T19:59:04.559Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "http://seclists.org/fulldisclosure/2025/Jul/38"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "mbNET.mini",
"vendor": "MB connect line",
"versions": [
{
"lessThan": "2.3.3",
"status": "affected",
"version": "0.0.0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "REX 100",
"vendor": "Helmholz",
"versions": [
{
"lessThan": "2.3.3",
"status": "affected",
"version": "0.0.0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "F. Bruckmoser, M. Eder, J. Heigl, M. Heudorn, G. Hofmarcher, M. Kadlec, M. Pristauz-Telsnigg, S. Resch, P. Schweinzer, M. Gschiel from St. Poelten UAS"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "A high privileged remote attacker can alter the configuration database via POST requests due to improper neutralization of special elements used in a SQL statement.\u003cbr\u003e"
}
],
"value": "A high privileged remote attacker can alter the configuration database via POST requests due to improper neutralization of special elements used in a SQL statement."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-89",
"description": "CWE-89 Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-07-21T09:30:44.484Z",
"orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
"shortName": "CERTVDE"
},
"references": [
{
"url": "https://certvde.com/de/advisories/VDE-2025-058"
}
],
"source": {
"advisory": "VDE-2025-058, VDE-2025-059",
"defect": [
"CERT@VDE#641816",
"CERT@VDE#641817"
],
"discovery": "UNKNOWN"
},
"title": "SQL Injection via POST Requests Allowing Configuration Database Manipulation",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
"assignerShortName": "CERTVDE",
"cveId": "CVE-2025-41678",
"datePublished": "2025-07-21T09:30:44.484Z",
"dateReserved": "2025-04-16T11:17:48.308Z",
"dateUpdated": "2025-11-03T19:59:04.559Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-41677 (GCVE-0-2025-41677)
Vulnerability from cvelistv5 – Published: 2025-07-21 09:30 – Updated: 2025-11-03 19:59
Title
Resource Exhaustion via POST Requests to send-mail Action
Summary
A high privileged remote attacker can exhaust critical system resources by sending specifically crafted POST requests to the send-mail action in fast succession.
Severity ?
4.9 (Medium)
CWE
- CWE-400 - Uncontrolled Resource Consumption
Assigner
References
Impacted products
| Vendor | Product | Version |
|---|---|---|
| MB connect line | mbNET.mini | Affected: 0.0.0, < 2.3.3 (semver) |
| Helmholz | REX 100 | Affected: 0.0.0, < 2.3.3 (semver) |
Credits
F. Bruckmoser, M. Eder, J. Heigl, M. Heudorn, G. Hofmarcher, M. Kadlec, M. Pristauz-Telsnigg, S. Resch, P. Schweinzer, M. Gschiel from St. Poelten UAS
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-41677",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-07-21T15:00:24.440243Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-07-21T20:36:33.574Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2025-11-03T19:59:03.144Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "http://seclists.org/fulldisclosure/2025/Jul/38"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "mbNET.mini",
"vendor": "MB connect line",
"versions": [
{
"lessThan": "2.3.3",
"status": "affected",
"version": "0.0.0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "REX 100",
"vendor": "Helmholz",
"versions": [
{
"lessThan": "2.3.3",
"status": "affected",
"version": "0.0.0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "F. Bruckmoser, M. Eder, J. Heigl, M. Heudorn, G. Hofmarcher, M. Kadlec, M. Pristauz-Telsnigg, S. Resch, P. Schweinzer, M. Gschiel from St. Poelten UAS"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "A high privileged remote attacker can exhaust critical system resources by sending specifically crafted POST requests to the send-mail action in fast succession.\u003cbr\u003e"
}
],
"value": "A high privileged remote attacker can exhaust critical system resources by sending specifically crafted POST requests to the send-mail action in fast succession."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 4.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-400",
"description": "CWE-400 Uncontrolled Resource Consumption",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-07-21T09:30:28.614Z",
"orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
"shortName": "CERTVDE"
},
"references": [
{
"url": "https://certvde.com/de/advisories/VDE-2025-058"
}
],
"source": {
"advisory": "VDE-2025-058, VDE-2025-059",
"defect": [
"CERT@VDE#641816",
"CERT@VDE#641817"
],
"discovery": "UNKNOWN"
},
"title": "Resource Exhaustion via POST Requests to send-mail Action",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
"assignerShortName": "CERTVDE",
"cveId": "CVE-2025-41677",
"datePublished": "2025-07-21T09:30:28.614Z",
"dateReserved": "2025-04-16T11:17:48.308Z",
"dateUpdated": "2025-11-03T19:59:03.144Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-41676 (GCVE-0-2025-41676)
Vulnerability from cvelistv5 – Published: 2025-07-21 09:30 – Updated: 2025-11-03 19:59
Title
Resource Exhaustion via POST Requests to send-sms Action
Summary
A high privileged remote attacker can exhaust critical system resources by sending specifically crafted POST requests to the send-sms action in fast succession.
Severity ?
4.9 (Medium)
CWE
- CWE-400 - Uncontrolled Resource Consumption
Assigner
References
Impacted products
| Vendor | Product | Version |
|---|---|---|
| MB connect line | mbNET.mini | Affected: 0.0.0, < 2.3.3 (semver) |
| Helmholz | REX 100 | Affected: 0.0.0, < 2.3.3 (semver) |
Credits
F. Bruckmoser, M. Eder, J. Heigl, M. Heudorn, G. Hofmarcher, M. Kadlec, M. Pristauz-Telsnigg, S. Resch, P. Schweinzer, M. Gschiel from St. Poelten UAS
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-41676",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-07-21T15:00:32.085015Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-07-21T20:36:39.497Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2025-11-03T19:59:01.738Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "http://seclists.org/fulldisclosure/2025/Jul/38"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "mbNET.mini",
"vendor": "MB connect line",
"versions": [
{
"lessThan": "2.3.3",
"status": "affected",
"version": "0.0.0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "REX 100",
"vendor": "Helmholz",
"versions": [
{
"lessThan": "2.3.3",
"status": "affected",
"version": "0.0.0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "F. Bruckmoser, M. Eder, J. Heigl, M. Heudorn, G. Hofmarcher, M. Kadlec, M. Pristauz-Telsnigg, S. Resch, P. Schweinzer, M. Gschiel from St. Poelten UAS"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "A high privileged remote attacker can exhaust critical system resources by sending specifically crafted POST requests to the send-sms action in fast succession.\u003cbr\u003e"
}
],
"value": "A high privileged remote attacker can exhaust critical system resources by sending specifically crafted POST requests to the send-sms action in fast succession."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 4.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-400",
"description": "CWE-400 Uncontrolled Resource Consumption",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-07-21T09:30:07.473Z",
"orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
"shortName": "CERTVDE"
},
"references": [
{
"url": "https://certvde.com/de/advisories/VDE-2025-058"
}
],
"source": {
"advisory": "VDE-2025-058, VDE-2025-059",
"defect": [
"CERT@VDE#641816",
"CERT@VDE#641817"
],
"discovery": "UNKNOWN"
},
"title": "Resource Exhaustion via POST Requests to send-sms Action",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
"assignerShortName": "CERTVDE",
"cveId": "CVE-2025-41676",
"datePublished": "2025-07-21T09:30:07.473Z",
"dateReserved": "2025-04-16T11:17:48.308Z",
"dateUpdated": "2025-11-03T19:59:01.738Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-41675 (GCVE-0-2025-41675)
Vulnerability from cvelistv5 – Published: 2025-07-21 09:29 – Updated: 2025-11-03 19:59
Title
Remote Command Injection via GET in Cloud Server Communication Script Due to Improper Input Neutralization
Summary
A high privileged remote attacker can execute arbitrary system commands via GET requests in the cloud server communication script due to improper neutralization of special elements used in an OS command.
Severity ?
7.2 (High)
CWE
- CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
Assigner
References
Impacted products
| Vendor | Product | Version |
|---|---|---|
| MB connect line | mbNET.mini | Affected: 0.0.0, < 2.3.3 (semver) |
| Helmholz | REX 100 | Affected: 0.0.0, < 2.3.3 (semver) |
Credits
F. Bruckmoser, M. Eder, J. Heigl, M. Heudorn, G. Hofmarcher, M. Kadlec, M. Pristauz-Telsnigg, S. Resch, P. Schweinzer, M. Gschiel from St. Poelten UAS
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-41675",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-07-21T15:00:42.591445Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-07-21T20:36:45.460Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2025-11-03T19:59:00.344Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "http://seclists.org/fulldisclosure/2025/Jul/38"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "mbNET.mini",
"vendor": "MB connect line",
"versions": [
{
"lessThan": "2.3.3",
"status": "affected",
"version": "0.0.0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "REX 100",
"vendor": "Helmholz",
"versions": [
{
"lessThan": "2.3.3",
"status": "affected",
"version": "0.0.0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "F. Bruckmoser, M. Eder, J. Heigl, M. Heudorn, G. Hofmarcher, M. Kadlec, M. Pristauz-Telsnigg, S. Resch, P. Schweinzer, M. Gschiel from St. Poelten UAS"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "A high privileged remote attacker can execute arbitrary system commands via GET requests in the cloud server communication script due to improper neutralization of special elements used in an OS command.\u003cbr\u003e"
}
],
"value": "A high privileged remote attacker can execute arbitrary system commands via GET requests in the cloud server communication script due to improper neutralization of special elements used in an OS command."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-78",
"description": "CWE-78 Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-07-21T09:29:57.024Z",
"orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
"shortName": "CERTVDE"
},
"references": [
{
"url": "https://certvde.com/de/advisories/VDE-2025-058"
}
],
"source": {
"advisory": "VDE-2025-058, VDE-2025-059",
"defect": [
"CERT@VDE#641816",
"CERT@VDE#641817"
],
"discovery": "UNKNOWN"
},
"title": "Remote Command Injection via GET in Cloud Server Communication Script Due to Improper Input Neutralization",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
"assignerShortName": "CERTVDE",
"cveId": "CVE-2025-41675",
"datePublished": "2025-07-21T09:29:57.024Z",
"dateReserved": "2025-04-16T11:17:48.308Z",
"dateUpdated": "2025-11-03T19:59:00.344Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-41674 (GCVE-0-2025-41674)
Vulnerability from cvelistv5 – Published: 2025-07-21 09:29 – Updated: 2025-11-03 19:58
Title
Remote Command Injection in diagnostic Action Due to Improper Input Neutralization
Summary
A high privileged remote attacker can execute arbitrary system commands via POST requests in the diagnostic action due to improper neutralization of special elements used in an OS command.
Severity ?
7.2 (High)
CWE
- CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
Assigner
References
Impacted products
| Vendor | Product | Version |
|---|---|---|
| MB connect line | mbNET.mini | Affected: 0.0.0, < 2.3.3 (semver) |
| Helmholz | REX 100 | Affected: 0.0.0, < 2.3.3 (semver) |
Credits
F. Bruckmoser, M. Eder, J. Heigl, M. Heudorn, G. Hofmarcher, M. Kadlec, M. Pristauz-Telsnigg, S. Resch, P. Schweinzer, M. Gschiel from St. Poelten UAS
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-41674",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-07-21T17:04:43.501527Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-07-21T17:05:33.656Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2025-11-03T19:58:58.776Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "http://seclists.org/fulldisclosure/2025/Jul/38"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "mbNET.mini",
"vendor": "MB connect line",
"versions": [
{
"lessThan": "2.3.3",
"status": "affected",
"version": "0.0.0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "REX 100",
"vendor": "Helmholz",
"versions": [
{
"lessThan": "2.3.3",
"status": "affected",
"version": "0.0.0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "F. Bruckmoser, M. Eder, J. Heigl, M. Heudorn, G. Hofmarcher, M. Kadlec, M. Pristauz-Telsnigg, S. Resch, P. Schweinzer, M. Gschiel from St. Poelten UAS"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "A high privileged remote attacker can execute arbitrary system commands via POST requests in the diagnostic action due to improper neutralization of special elements used in an OS command.\u003cbr\u003e"
}
],
"value": "A high privileged remote attacker can execute arbitrary system commands via POST requests in the diagnostic action due to improper neutralization of special elements used in an OS command."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-78",
"description": "CWE-78 Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-07-21T09:29:43.181Z",
"orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
"shortName": "CERTVDE"
},
"references": [
{
"url": "https://certvde.com/de/advisories/VDE-2025-058"
}
],
"source": {
"advisory": "VDE-2025-058, VDE-2025-059",
"defect": [
"CERT@VDE#641816",
"CERT@VDE#641817"
],
"discovery": "UNKNOWN"
},
"title": "Remote Command Injection in diagnostic Action Due to Improper Input Neutralization",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
"assignerShortName": "CERTVDE",
"cveId": "CVE-2025-41674",
"datePublished": "2025-07-21T09:29:43.181Z",
"dateReserved": "2025-04-16T11:17:48.308Z",
"dateUpdated": "2025-11-03T19:58:58.776Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-41673 (GCVE-0-2025-41673)
Vulnerability from cvelistv5 – Published: 2025-07-21 09:29 – Updated: 2025-11-03 19:58
Title
Remote Command Injection in send_sms Action Due to Improper Input Neutralization
Summary
A high privileged remote attacker can execute arbitrary system commands via POST requests in the send_sms action due to improper neutralization of special elements used in an OS command.
Severity ?
7.2 (High)
CWE
- CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
Assigner
References
Impacted products
| Vendor | Product | Version |
|---|---|---|
| MB connect line | mbNET.mini | Affected: 0.0.0, < 2.3.3 (semver) |
| Helmholz | REX 100 | Affected: 0.0.0, < 2.3.3 (semver) |
Credits
F. Bruckmoser, M. Eder, J. Heigl, M. Heudorn, G. Hofmarcher, M. Kadlec, M. Pristauz-Telsnigg, S. Resch, P. Schweinzer, M. Gschiel from St. Poelten UAS
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-41673",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-07-21T17:05:45.438732Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-07-21T17:06:11.768Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2025-11-03T19:58:57.413Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "http://seclists.org/fulldisclosure/2025/Jul/38"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "mbNET.mini",
"vendor": "MB connect line",
"versions": [
{
"lessThan": "2.3.3",
"status": "affected",
"version": "0.0.0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "REX 100",
"vendor": "Helmholz",
"versions": [
{
"lessThan": "2.3.3",
"status": "affected",
"version": "0.0.0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "F. Bruckmoser, M. Eder, J. Heigl, M. Heudorn, G. Hofmarcher, M. Kadlec, M. Pristauz-Telsnigg, S. Resch, P. Schweinzer, M. Gschiel from St. Poelten UAS"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "A high privileged remote attacker can execute arbitrary system commands via POST requests in the send_sms action due to improper neutralization of special elements used in an OS command.\u003cbr\u003e"
}
],
"value": "A high privileged remote attacker can execute arbitrary system commands via POST requests in the send_sms action due to improper neutralization of special elements used in an OS command."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-78",
"description": "CWE-78 Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-07-21T09:29:32.129Z",
"orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
"shortName": "CERTVDE"
},
"references": [
{
"url": "https://certvde.com/de/advisories/VDE-2025-058"
}
],
"source": {
"advisory": "VDE-2025-058, VDE-2025-059",
"defect": [
"CERT@VDE#641816",
"CERT@VDE#641817"
],
"discovery": "UNKNOWN"
},
"title": "Remote Command Injection in send_sms Action Due to Improper Input Neutralization",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
"assignerShortName": "CERTVDE",
"cveId": "CVE-2025-41673",
"datePublished": "2025-07-21T09:29:32.129Z",
"dateReserved": "2025-04-16T11:17:48.308Z",
"dateUpdated": "2025-11-03T19:58:57.413Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2024-5672 (GCVE-0-2024-5672)
Vulnerability from cvelistv5 – Published: 2024-07-03 12:26 – Updated: 2025-02-13 17:54
Title
Red Lion Europe: mbNET.mini vulnerable to OS command injection
Summary
A high privileged remote attacker can execute arbitrary system commands via GET requests due to improper neutralization of special elements used in an OS command.
Severity ?
7.2 (High)
CWE
- CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
Assigner
References
Impacted products
| Vendor | Product | Version |
|---|---|---|
| Red Lion Europe | mbNET.mini | Affected: 0, ≤ 2.2.11 (semver) |
| Helmholz | REX 100 | Affected: 0, ≤ 2.2.11 (semver) |
Credits
Sebastian Dietz
CyberDanube
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:helmholz:rex_100_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "rex_100_firmware",
"vendor": "helmholz",
"versions": [
{
"lessThanOrEqual": "2.2.11",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:redlion:mbnet_mini:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "mbnet_mini",
"vendor": "redlion",
"versions": [
{
"lessThanOrEqual": "2.2.11",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-5672",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-07-11T19:03:51.830907Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-07-11T19:49:42.244Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-01T21:18:06.930Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://cert.vde.com/en/advisories/VDE-2024-030"
},
{
"tags": [
"x_transferred"
],
"url": "https://cert.vde.com/en/advisories/VDE-2024-032"
},
{
"tags": [
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2024/Jul/6"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "mbNET.mini",
"vendor": "Red Lion Europe",
"versions": [
{
"lessThanOrEqual": "2.2.11",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "REX 100",
"vendor": "Helmholz",
"versions": [
{
"lessThanOrEqual": "2.2.11",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Sebastian Dietz"
},
{
"lang": "en",
"type": "reporter",
"user": "00000000-0000-4000-9000-000000000000",
"value": "CyberDanube"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "A high privileged remote attacker can\u0026nbsp;execute arbitrary system commands via GET requests due to improper neutralization of special elements used in an OS command.\u003cbr\u003e"
}
],
"value": "A high privileged remote attacker can\u00a0execute arbitrary system commands via GET requests due to improper neutralization of special elements used in an OS command."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-78",
"description": "CWE-78 Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-07-04T06:06:11.012Z",
"orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
"shortName": "CERTVDE"
},
"references": [
{
"url": "https://cert.vde.com/en/advisories/VDE-2024-030"
},
{
"url": "https://cert.vde.com/en/advisories/VDE-2024-032"
},
{
"url": "http://seclists.org/fulldisclosure/2024/Jul/6"
}
],
"source": {
"advisory": "VDE-2024-030",
"defect": [
"CERT@VDE#641635"
],
"discovery": "UNKNOWN"
},
"title": "Red Lion Europe: mbNET.mini vulnerable to OS command injection",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
"assignerShortName": "CERTVDE",
"cveId": "CVE-2024-5672",
"datePublished": "2024-07-03T12:26:44.599Z",
"dateReserved": "2024-06-06T07:27:39.719Z",
"dateUpdated": "2025-02-13T17:54:25.437Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
VAR-202410-0405
Vulnerability from variot - Updated: 2024-10-23 22:43
An unauthenticated local attacker can decrypt the device's config file and therefore compromise the device due to a weak implementation of the encryption used. Products from multiple vendors, such as MB CONNECT LINE mbnet.mini firmware, have vulnerabilities related to encryption strength. Information may be obtained or tampered with, and service operation may be interrupted (DoS). The record below carries two CVSS 3.1 base scores for CVE-2024-45273: 7.8 from nvd@nist.gov (PR:L) and 8.4 from info@cert.vde.com (PR:N); only the PR:N vector matches the "unauthenticated" wording of this description.
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202410-0405",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "rex 300",
"scope": "lte",
"trust": 1.0,
"vendor": "helmholz",
"version": "5.1.11"
},
{
"model": "mbnet.mini",
"scope": "lt",
"trust": 1.0,
"vendor": "mbconnectline",
"version": "2.3.1"
},
{
"model": "mbnet",
"scope": "lt",
"trust": 1.0,
"vendor": "mbconnectline",
"version": "8.2.1"
},
{
"model": "rex 100",
"scope": "lt",
"trust": 1.0,
"vendor": "helmholz",
"version": "2.3.1"
},
{
"model": "mymbconnect24",
"scope": "lt",
"trust": 1.0,
"vendor": "mbconnectline",
"version": "2.16.3"
},
{
"model": "rex 250",
"scope": "lt",
"trust": 1.0,
"vendor": "helmholz",
"version": "8.2.1"
},
{
"model": "mbspider mdh 916",
"scope": "lte",
"trust": 1.0,
"vendor": "mbconnectline",
"version": "2.6.5"
},
{
"model": "rex 200",
"scope": "lt",
"trust": 1.0,
"vendor": "helmholz",
"version": "8.2.1"
},
{
"model": "mbspider mdh 915",
"scope": "lte",
"trust": 1.0,
"vendor": "mbconnectline",
"version": "2.6.5"
},
{
"model": "mbspider mdh 905",
"scope": "lte",
"trust": 1.0,
"vendor": "mbconnectline",
"version": "2.6.5"
},
{
"model": "mbspider mdh 906",
"scope": "lte",
"trust": 1.0,
"vendor": "mbconnectline",
"version": "2.6.5"
},
{
"model": "mbnet hw1",
"scope": "lte",
"trust": 1.0,
"vendor": "mbconnectline",
"version": "5.1.11"
},
{
"model": "mbnet.rokey",
"scope": "lt",
"trust": 1.0,
"vendor": "mbconnectline",
"version": "8.2.1"
},
{
"model": "myrex24 v2 virtual server",
"scope": "lt",
"trust": 1.0,
"vendor": "helmholz",
"version": "2.16.3"
},
{
"model": "mbconnect24",
"scope": "lt",
"trust": 1.0,
"vendor": "mbconnectline",
"version": "2.16.3"
},
{
"model": "mbnet",
"scope": null,
"trust": 0.8,
"vendor": "mb connect line",
"version": null
},
{
"model": "mbnet.mini",
"scope": null,
"trust": 0.8,
"vendor": "mb connect line",
"version": null
},
{
"model": "mbconnect24",
"scope": null,
"trust": 0.8,
"vendor": "mb connect line",
"version": null
},
{
"model": "mymbconnect24",
"scope": null,
"trust": 0.8,
"vendor": "mb connect line",
"version": null
},
{
"model": "rex 300",
"scope": null,
"trust": 0.8,
"vendor": "helmholz",
"version": null
},
{
"model": "myrex24 v2 virtual server",
"scope": null,
"trust": 0.8,
"vendor": "helmholz",
"version": null
},
{
"model": "rex 100",
"scope": null,
"trust": 0.8,
"vendor": "helmholz",
"version": null
},
{
"model": "rex 200",
"scope": null,
"trust": 0.8,
"vendor": "helmholz",
"version": null
},
{
"model": "mbspider mdh 915",
"scope": null,
"trust": 0.8,
"vendor": "mb connect line",
"version": null
},
{
"model": "mbspider mdh 905",
"scope": null,
"trust": 0.8,
"vendor": "mb connect line",
"version": null
},
{
"model": "mbnet hw1",
"scope": null,
"trust": 0.8,
"vendor": "mb connect line",
"version": null
},
{
"model": "mbspider mdh 906",
"scope": null,
"trust": 0.8,
"vendor": "mb connect line",
"version": null
},
{
"model": "mbspider mdh 916",
"scope": null,
"trust": 0.8,
"vendor": "mb connect line",
"version": null
},
{
"model": "rex 250",
"scope": null,
"trust": 0.8,
"vendor": "helmholz",
"version": null
},
{
"model": "mbnet.rokey",
"scope": null,
"trust": 0.8,
"vendor": "mb connect line",
"version": null
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2024-010550"
},
{
"db": "NVD",
"id": "CVE-2024-45273"
}
]
},
"cve": "CVE-2024-45273",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.8,
"id": "CVE-2024-45273",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "info@cert.vde.com",
"availabilityImpact": "HIGH",
"baseScore": 8.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.5,
"id": "CVE-2024-45273",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Local",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 7.8,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2024-45273",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "Low",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2024-45273",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "info@cert.vde.com",
"id": "CVE-2024-45273",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2024-45273",
"trust": 0.8,
"value": "High"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2024-010550"
},
{
"db": "NVD",
"id": "CVE-2024-45273"
},
{
"db": "NVD",
"id": "CVE-2024-45273"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "An unauthenticated local attacker can decrypt the devices config file and therefore compromise the device due to a weak implementation of the encryption used. MB CONNECT LINE of mbnet.mini Products from multiple vendors, such as firmware, have vulnerabilities related to encryption strength.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state",
"sources": [
{
"db": "NVD",
"id": "CVE-2024-45273"
},
{
"db": "JVNDB",
"id": "JVNDB-2024-010550"
}
],
"trust": 1.62
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2024-45273",
"trust": 2.6
},
{
"db": "CERT@VDE",
"id": "VDE-2024-056",
"trust": 1.8
},
{
"db": "CERT@VDE",
"id": "VDE-2024-068",
"trust": 1.8
},
{
"db": "CERT@VDE",
"id": "VDE-2024-069",
"trust": 1.8
},
{
"db": "CERT@VDE",
"id": "VDE-2024-066",
"trust": 1.8
},
{
"db": "JVNDB",
"id": "JVNDB-2024-010550",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2024-010550"
},
{
"db": "NVD",
"id": "CVE-2024-45273"
}
]
},
"id": "VAR-202410-0405",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VARIoT devices database",
"id": null
}
],
"trust": 0.5
},
"last_update_date": "2024-10-23T22:43:38.071000Z",
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-326",
"trust": 1.0
},
{
"problemtype": "CWE-261",
"trust": 1.0
},
{
"problemtype": "Use Weak Ciphers for Passwords (CWE-261) [ others ]",
"trust": 0.8
},
{
"problemtype": " Inappropriate cryptographic strength (CWE-326) [NVD evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2024-010550"
},
{
"db": "NVD",
"id": "CVE-2024-45273"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.8,
"url": "https://cert.vde.com/en/advisories/vde-2024-056"
},
{
"trust": 1.8,
"url": "https://cert.vde.com/en/advisories/vde-2024-066"
},
{
"trust": 1.8,
"url": "https://cert.vde.com/en/advisories/vde-2024-068"
},
{
"trust": 1.8,
"url": "https://cert.vde.com/en/advisories/vde-2024-069"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2024-45273"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2024-010550"
},
{
"db": "NVD",
"id": "CVE-2024-45273"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "JVNDB",
"id": "JVNDB-2024-010550"
},
{
"db": "NVD",
"id": "CVE-2024-45273"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2024-10-18T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2024-010550"
},
{
"date": "2024-10-15T11:15:11.940000",
"db": "NVD",
"id": "CVE-2024-45273"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2024-10-18T03:31:00",
"db": "JVNDB",
"id": "JVNDB-2024-010550"
},
{
"date": "2024-10-17T17:41:43.017000",
"db": "NVD",
"id": "CVE-2024-45273"
}
]
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "MB\u00a0CONNECT\u00a0LINE\u00a0 of \u00a0mbnet.mini\u00a0 Vulnerabilities related to cryptographic strength in products from multiple vendors such as firmware",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2024-010550"
}
],
"trust": 0.8
}
}