Details of VAR-202507-2457

ID

VAR-202507-2457

CVE

CVE-2025-41674

TITLE

MB CONNECT LINE mbNET.mini Operating System Command Injection Vulnerability

Trust: 0.6

sources: CNVD: CNVD-2025-21142

DESCRIPTION

A high privileged remote attacker can execute arbitrary system commands via POST requests in the diagnostic action due to improper neutralization of special elements used in an OS command. MB CONNECT LINE's mbNET.mini is an industrial router designed specifically for industrial scenarios, primarily used to enable secure remote connections between machines and systems. MB CONNECT LINE's mbNET.mini has an operating system command injection vulnerability. This vulnerability stems from improperly neutralizing special elements in OS commands. An attacker could exploit this vulnerability to execute arbitrary system commands

Trust: 1.44

sources: NVD: CVE-2025-41674 // CNVD: CNVD-2025-21142

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2025-21142

AFFECTED PRODUCTS

vendor:

model:

connect line mbnet.mini

scope:

version:

2.3.3

Trust: 0.6

sources: CNVD: CNVD-2025-21142

CVSS

SEVERITY

CVSSV2

CVSSV3

info@cert.vde.com:	CVE-2025-41674
value:	HIGH
Trust: 1.0
CNVD:	CNVD-2025-21142
value:	HIGH
Trust: 0.6

CNVD:	CNVD-2025-21142
severity:	HIGH
baseScore:	8.3
vectorString:	AV:N/AC:L/AU:M/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	MULTIPLE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	6.4
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6

info@cert.vde.com:	CVE-2025-41674
baseSeverity:	HIGH
baseScore:	7.2
vectorString:	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	HIGH
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	1.2
impactScore:	5.9
version:	3.1
Trust: 1.0

sources: CNVD: CNVD-2025-21142 // NVD: CVE-2025-41674

PROBLEMTYPE DATA

problemtype:

CWE-78

Trust: 1.0

sources: NVD: CVE-2025-41674

PATCH

title:

Patch for MB CONNECT LINE mbNET.mini Operating System Command Injection Vulnerability

url:

https://www.cnvd.org.cn/patchInfo/show/731036

Trust: 0.6

sources: CNVD: CNVD-2025-21142

EXTERNAL IDS

db:	NVD	id:	CVE-2025-41674	Trust: 1.6
db:	CERT@VDE	id:	VDE-2025-058	Trust: 1.6
db:	CNVD	id:	CNVD-2025-21142	Trust: 0.6

sources: CNVD: CNVD-2025-21142 // NVD: CVE-2025-41674

REFERENCES

url:

https://certvde.com/de/advisories/vde-2025-058

Trust: 1.6

sources: CNVD: CNVD-2025-21142 // NVD: CVE-2025-41674

SOURCES

db:	CNVD	id:	CNVD-2025-21142
db:	NVD	id:	CVE-2025-41674

LAST UPDATE DATE

2025-09-13T23:14:04.035000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2025-21142	date:	2025-09-12T00:00:00
db:	NVD	id:	CVE-2025-41674	date:	2025-07-22T13:06:07.260

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2025-21142	date:	2025-09-11T00:00:00
db:	NVD	id:	CVE-2025-41674	date:	2025-07-21T10:15:24.363