Mb Connect Line Mbdialup vulnerabilities
2 known vulnerabilities affecting mb_connect_line/mbdialup.
Total CVEs
2
CISA KEV
0
Public exploits
0
Exploited in wild
0
Severity breakdown
CRITICAL1HIGH1
Vulnerabilities
Page 1 of 1
CVE-2021-33527P2CRITICALCVSS 9.8≥ 3.9R0.0, ≤ 3.9R0.02021-08-02
CVE-2021-33527 [CRITICAL] CWE-20 CVE-2021-33527: In MB connect line mbDIALUP versions <= 3.9R0.0 a remote attacker can send a specifically crafted HT
In MB connect line mbDIALUP versions <= 3.9R0.0 a remote attacker can send a specifically crafted HTTP request to the service running with NT AUTHORITY\SYSTEM that will not correctly validate the input. This can lead to an arbitrary code execution with the privileges of the service.
nvd
CVE-2021-33526P3HIGHCVSS 7.8≥ 3.9R0.0, ≤ 3.9R0.02021-08-02
CVE-2021-33526 [HIGH] CWE-269 CVE-2021-33526: In MB connect line mbDIALUP versions <= 3.9R0.0 a low privileged local attacker can send a command t
In MB connect line mbDIALUP versions <= 3.9R0.0 a low privileged local attacker can send a command to the service running with NT AUTHORITY\SYSTEM instructing it to execute a malicous OpenVPN configuration resulting in arbitrary code execution with the privileges of the service.
nvd