Home/Product/mbconnectline mbnet.mini firmware
Product

mbconnectline mbnet.mini firmware

13 known vulnerabilities across versions
Vulnerabilities are listed by affected version. Select any CVE for the full briefing and its intelligence graph.
CVE-2025-41681
< 2.3.3
A high privileged remote attacker can gain persistent XSS via POST requests due to improper neutralization of special elements use
4.8MEDIUM
 CVE-2025-41679
< 2.3.3
An unauthenticated remote attacker could exploit a buffer overflow vulnerability in the device causing a denial of service that af
5.3MEDIUM
 CVE-2025-41678
< 2.3.3
A high privileged remote attacker can alter the configuration database via POST requests due to improper neutralization of special
6.5MEDIUM
 CVE-2025-41677
< 2.3.3
A high privileged remote attacker can exhaust critical system resources by sending specifically crafted POST requests to the send-
4.9MEDIUM
 CVE-2025-41676
< 2.3.3
A high privileged remote attacker can exhaust critical system resources by sending specifically crafted POST requests to the send-
4.9MEDIUM
 CVE-2025-41675
< 2.3.3
A high privileged remote attacker can execute arbitrary system commands via GET requests in the cloud server communication script
7.2HIGH
 CVE-2025-41674
< 2.3.3
A high privileged remote attacker can execute arbitrary system commands via POST requests in the diagnostic action due to improper
7.2HIGH
 CVE-2025-41673
< 2.3.3
A high privileged remote attacker can execute arbitrary system commands via POST requests in the send_sms action due to improper n
7.2HIGH
 CVE-2024-45276
< 2.3.1
An unauthenticated remote attacker can get read access to files in the "/tmp" directory due to missing authentication.
7.5HIGH
 CVE-2024-45275
< 2.3.1
The devices contain two hard coded user accounts with hardcoded passwords that allow an unauthenticated remote attacker for full c
9.8CRITICAL
 CVE-2024-45274
< 2.3.1
An unauthenticated remote attacker can execute OS commands via UDP on the device due to missing authentication.
9.8CRITICAL
 CVE-2024-45273
< 2.3.1
An unauthenticated local attacker can decrypt the devices config file and therefore compromise the device due to a weak implementa
8.4HIGH
 CVE-2024-45271
< 2.3.1
An unauthenticated local attacker can gain admin privileges by deploying a config file due to improper input validation.
8.4HIGH
SOC and Response
CVE triage
Stack monitoring
Am I affected
IOC triage
KEV catalog
Daily brief
Change tracking
Detection Engineering
Coverage workspace
Detection coverage
Coverage check
Telemetry ceiling
SIEM query builder
Sigma rules
SIEM rules
YARA rules
Network rules
D3FEND
Threat Hunting
Threat actors
ATT&CK techniques
Attack paths
Indicators
Atomic tests
Red Team and Pentest
Exploitability triage
Recon pack
Attack paths
CAPEC patterns
Adversary emulation
Compliance and GRC
Framework mapping
Control assessment
Audit view
Coverage report
Atlas Search Threat actors Techniques Tools & malware CWE CAPEC KEV catalog Package vulns TAXII feed Data sources
About All capabilities Pricing API docs Live status Privacy policy Terms of service
threatengine.sh