Vulnerabilities (CVE)

Join the Common Vulnerabilities and Exposures (CVE) community and start to get notified about new vulnerabilities.

Filtered by vendor Mbconnectline Subscribe
Filtered by product Mbdialup
Total 2 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2021-33527 1 Mbconnectline 1 Mbdialup 2022-04-29 10.0 HIGH 9.8 CRITICAL
In MB connect line mbDIALUP versions <= 3.9R0.0 a remote attacker can send a specifically crafted HTTP request to the service running with NT AUTHORITY\SYSTEM that will not correctly validate the input. This can lead to an arbitrary code execution with the privileges of the service.
CVE-2021-33526 1 Mbconnectline 1 Mbdialup 2021-08-10 7.2 HIGH 7.8 HIGH
In MB connect line mbDIALUP versions <= 3.9R0.0 a low privileged local attacker can send a command to the service running with NT AUTHORITY\SYSTEM instructing it to execute a malicous OpenVPN configuration resulting in arbitrary code execution with the privileges of the service.