Details of VAR-202507-2458

ID

VAR-202507-2458

CVE

CVE-2025-41677

TITLE

MB CONNECT LINE mbNET.mini Resource Management Error Vulnerability (CNVD-2025-21146)

Trust: 0.6

sources: CNVD: CNVD-2025-21146

DESCRIPTION

A high privileged remote attacker can exhaust critical system resources by sending specifically crafted POST requests to the send-mail action in fast succession. MB CONNECT LINE's mbNET.mini is an industrial router designed for industrial scenarios, primarily used to enable secure remote connections between machines and systems. MB CONNECT LINE's mbNET.mini contains a resource management vulnerability. Detailed vulnerability details are not currently available

Trust: 1.44

sources: NVD: CVE-2025-41677 // CNVD: CNVD-2025-21146

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2025-21146

AFFECTED PRODUCTS

vendor:

model:

connect line mbnet.mini

scope:

version:

2.3.3

Trust: 0.6

sources: CNVD: CNVD-2025-21146

CVSS

SEVERITY

CVSSV2

CVSSV3

info@cert.vde.com:	CVE-2025-41677
value:	MEDIUM
Trust: 1.0
CNVD:	CNVD-2025-21146
value:	MEDIUM
Trust: 0.6

CNVD:	CNVD-2025-21146
severity:	MEDIUM
baseScore:	6.1
vectorString:	AV:N/AC:L/AU:M/C:N/I:N/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	MULTIPLE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	COMPLETE
exploitabilityScore:	6.4
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6

info@cert.vde.com:	CVE-2025-41677
baseSeverity:	MEDIUM
baseScore:	4.9
vectorString:	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	HIGH
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	HIGH
exploitabilityScore:	1.2
impactScore:	3.6
version:	3.1
Trust: 1.0

sources: CNVD: CNVD-2025-21146 // NVD: CVE-2025-41677

PROBLEMTYPE DATA

problemtype:

CWE-400

Trust: 1.0

sources: NVD: CVE-2025-41677

PATCH

title:

Patch for MB CONNECT LINE mbNET.mini Resource Management Error Vulnerability (CNVD-2025-21146)

url:

https://www.cnvd.org.cn/patchInfo/show/731056

Trust: 0.6

sources: CNVD: CNVD-2025-21146

EXTERNAL IDS

db:	NVD	id:	CVE-2025-41677	Trust: 1.6
db:	CERT@VDE	id:	VDE-2025-058	Trust: 1.0
db:	CNVD	id:	CNVD-2025-21146	Trust: 0.6

sources: CNVD: CNVD-2025-21146 // NVD: CVE-2025-41677

REFERENCES

url:	https://certvde.com/de/advisories/vde-2025-058	Trust: 1.0
url:	https://nvd.nist.gov/vuln/detail/cve-2025-41677	Trust: 0.6

sources: CNVD: CNVD-2025-21146 // NVD: CVE-2025-41677

SOURCES

db:	CNVD	id:	CNVD-2025-21146
db:	NVD	id:	CVE-2025-41677

LAST UPDATE DATE

2025-09-13T23:14:04.100000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2025-21146	date:	2025-09-12T00:00:00
db:	NVD	id:	CVE-2025-41677	date:	2025-07-22T13:06:07.260

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2025-21146	date:	2025-09-11T00:00:00
db:	NVD	id:	CVE-2025-41677	date:	2025-07-21T10:15:24.840