Details of VAR-202507-2454

ID

VAR-202507-2454

CVE

CVE-2025-41678

TITLE

MB CONNECT LINE mbNET.mini SQL Injection Vulnerability

Trust: 0.6

sources: CNVD: CNVD-2025-21141

DESCRIPTION

A high privileged remote attacker can alter the configuration database via POST requests due to improper neutralization of special elements used in a SQL statement. MB CONNECT LINE's mbNET.mini is an industrial router designed specifically for industrial scenarios, primarily used to enable secure remote connections between machines and systems. MB CONNECT LINE's mbNET.mini has a SQL injection vulnerability due to improperly neutralizing special elements in SQL statements. An attacker could exploit this vulnerability to modify the configuration database

Trust: 1.44

sources: NVD: CVE-2025-41678 // CNVD: CNVD-2025-21141

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2025-21141

AFFECTED PRODUCTS

vendor:

model:

connect line mbnet.mini

scope:

version:

2.3.3

Trust: 0.6

sources: CNVD: CNVD-2025-21141

CVSS

SEVERITY

CVSSV2

CVSSV3

info@cert.vde.com:	CVE-2025-41678
value:	MEDIUM
Trust: 1.0
CNVD:	CNVD-2025-21141
value:	HIGH
Trust: 0.6

CNVD:	CNVD-2025-21141
severity:	HIGH
baseScore:	7.7
vectorString:	AV:N/AC:L/AU:M/C:N/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	MULTIPLE
confidentialityImpact:	NONE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	6.4
impactScore:	9.2
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6

info@cert.vde.com:	CVE-2025-41678
baseSeverity:	MEDIUM
baseScore:	6.5
vectorString:	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	HIGH
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	1.2
impactScore:	5.2
version:	3.1
Trust: 1.0

sources: CNVD: CNVD-2025-21141 // NVD: CVE-2025-41678

PROBLEMTYPE DATA

problemtype:

CWE-89

Trust: 1.0

sources: NVD: CVE-2025-41678

PATCH

title:

Patch for MB CONNECT LINE mbNET.mini SQL Injection Vulnerability

url:

https://www.cnvd.org.cn/patchInfo/show/731031

Trust: 0.6

sources: CNVD: CNVD-2025-21141

EXTERNAL IDS

db:	NVD	id:	CVE-2025-41678	Trust: 1.6
db:	CERT@VDE	id:	VDE-2025-058	Trust: 1.6
db:	CNVD	id:	CNVD-2025-21141	Trust: 0.6

sources: CNVD: CNVD-2025-21141 // NVD: CVE-2025-41678

REFERENCES

url:

https://certvde.com/de/advisories/vde-2025-058

Trust: 1.6

sources: CNVD: CNVD-2025-21141 // NVD: CVE-2025-41678

SOURCES

db:	CNVD	id:	CNVD-2025-21141
db:	NVD	id:	CVE-2025-41678

LAST UPDATE DATE

2025-09-13T23:14:04.067000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2025-21141	date:	2025-09-12T00:00:00
db:	NVD	id:	CVE-2025-41678	date:	2025-07-22T13:06:07.260

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2025-21141	date:	2025-09-11T00:00:00
db:	NVD	id:	CVE-2025-41678	date:	2025-07-21T10:15:24.980