Details of VAR-202507-2456

ID

VAR-202507-2456

CVE

CVE-2025-41673

TITLE

MB CONNECT LINE mbNET.mini Operating System Command Injection Vulnerability (CNVD-2025-21144)

Trust: 0.6

sources: CNVD: CNVD-2025-21144

DESCRIPTION

A high privileged remote attacker can execute arbitrary system commands via POST requests in the send_sms action due to improper neutralization of special elements used in an OS command. MB CONNECT LINE's mbNET.mini is an industrial router designed specifically for industrial scenarios, primarily used to enable secure remote connections between machines and systems. MB CONNECT LINE's mbNET.mini has an operating system command injection vulnerability. This vulnerability stems from improper neutralization of special elements in the send_sms operation. An attacker could exploit this vulnerability to remotely execute system commands

Trust: 1.44

sources: NVD: CVE-2025-41673 // CNVD: CNVD-2025-21144

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2025-21144

AFFECTED PRODUCTS

vendor:

model:

connect line mbnet.mini

scope:

version:

2.3.3

Trust: 0.6

sources: CNVD: CNVD-2025-21144

CVSS

SEVERITY

CVSSV2

CVSSV3

info@cert.vde.com:	CVE-2025-41673
value:	HIGH
Trust: 1.0
CNVD:	CNVD-2025-21144
value:	HIGH
Trust: 0.6

CNVD:	CNVD-2025-21144
severity:	HIGH
baseScore:	8.3
vectorString:	AV:N/AC:L/AU:M/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	MULTIPLE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	6.4
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6

info@cert.vde.com:	CVE-2025-41673
baseSeverity:	HIGH
baseScore:	7.2
vectorString:	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	HIGH
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	1.2
impactScore:	5.9
version:	3.1
Trust: 1.0

sources: CNVD: CNVD-2025-21144 // NVD: CVE-2025-41673

PROBLEMTYPE DATA

problemtype:

CWE-78

Trust: 1.0

sources: NVD: CVE-2025-41673

PATCH

title:

Patch for MB CONNECT LINE mbNET.mini Operating System Command Injection Vulnerability (CNVD-2025-21144)

url:

https://www.cnvd.org.cn/patchInfo/show/731046

Trust: 0.6

sources: CNVD: CNVD-2025-21144

EXTERNAL IDS

db:	CERT@VDE	id:	VDE-2025-058	Trust: 1.6
db:	NVD	id:	CVE-2025-41673	Trust: 1.6
db:	CNVD	id:	CNVD-2025-21144	Trust: 0.6

sources: CNVD: CNVD-2025-21144 // NVD: CVE-2025-41673

REFERENCES

url:

https://certvde.com/de/advisories/vde-2025-058

Trust: 1.6

sources: CNVD: CNVD-2025-21144 // NVD: CVE-2025-41673

SOURCES

db:	CNVD	id:	CNVD-2025-21144
db:	NVD	id:	CVE-2025-41673

LAST UPDATE DATE

2025-09-13T23:14:04.051000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2025-21144	date:	2025-09-12T00:00:00
db:	NVD	id:	CVE-2025-41673	date:	2025-07-22T13:06:07.260

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2025-21144	date:	2025-09-11T00:00:00
db:	NVD	id:	CVE-2025-41673	date:	2025-07-21T10:15:23.400