Mbconnectline Mbnet.mini Firmware — known CVE vulnerabilities
Every CVE whose affected-product data names Mbconnectline Mbnet.mini Firmware, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (13)
CVE-2024-45274 — CVSS 9.8 (critical): An unauthenticated remote attacker can execute OS commands via UDP on the device due to missing authentication.
CVE-2024-45275 — CVSS 9.8 (critical): The devices contain two hard coded user accounts with hardcoded passwords that allow an unauthenticated remote attacker for full control of…
CVE-2024-45273 — CVSS 8.4 (high): An unauthenticated local attacker can decrypt the devices config file and therefore compromise the device due to a weak implementation of…
CVE-2024-45271 — CVSS 8.4 (high): An unauthenticated local attacker can gain admin privileges by deploying a config file due to improper input validation.
CVE-2024-45276 — CVSS 7.5 (high): An unauthenticated remote attacker can get read access to files in the "/tmp" directory due to missing authentication.
CVE-2025-41674 — CVSS 7.2 (high): A high privileged remote attacker can execute arbitrary system commands via POST requests in the diagnostic action due to improper…
CVE-2025-41673 — CVSS 7.2 (high): A high privileged remote attacker can execute arbitrary system commands via POST requests in the send_sms action due to improper…
CVE-2025-41675 — CVSS 7.2 (high): A high privileged remote attacker can execute arbitrary system commands via GET requests in the cloud server communication script due to…
CVE-2025-41678 — CVSS 6.5 (medium): A high privileged remote attacker can alter the configuration database via POST requests due to improper neutralization of special elements…
CVE-2025-41679 — CVSS 5.3 (medium): An unauthenticated remote attacker could exploit a buffer overflow vulnerability in the device causing a denial of service that affects…
CVE-2025-41676 — CVSS 4.9 (medium): A high privileged remote attacker can exhaust critical system resources by sending specifically crafted POST requests to the send-sms…
CVE-2025-41677 — CVSS 4.9 (medium): A high privileged remote attacker can exhaust critical system resources by sending specifically crafted POST requests to the send-mail…
CVE-2025-41681 — CVSS 4.8 (medium): A high privileged remote attacker can gain persistent XSS via POST requests due to improper neutralization of special elements used to…