cbcvebase.
CVE-2021-33527
published 2021-08-02

CVE-2021-33527: In MB connect line mbDIALUP versions <= 3.9R0.0 a remote attacker can send a specifically crafted HTTP request to the service running with NT AUTHORITY\SYSTEM…

PriorityP260critical9.8CVSS 3.1
AVNACLPRNUINSUCHIHAH
EPSS
4.52%
90.3th percentile
In MB connect line mbDIALUP versions <= 3.9R0.0 a remote attacker can send a specifically crafted HTTP request to the service running with NT AUTHORITY\SYSTEM that will not correctly validate the input. This can lead to an arbitrary code execution with the privileges of the service.

Affected

2 ranges
VendorProductVersion rangeFixed in
mb_connect_linembdialup3.9R0.0 – 3.9R0.0
mbconnectlinembdialup<= 3.9r0.0

CVSS provenance

nvdv3.19.8CRITICALCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvdv2.010.0CRITICALAV:N/AC:L/Au:N/C:C/I:C/A:C
Stop checking back — get the weekly exploitation signal.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.