Vulnerability Details CVE-2021-33527
In MB connect line mbDIALUP versions <= 3.9R0.0 a remote attacker can send a specifically crafted HTTP request to the service running with NT AUTHORITY\SYSTEM that will not correctly validate the input. This can lead to an arbitrary code execution with the privileges of the service.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.064
EPSS Ranking 90.5%
CVSS Severity
CVSS v3 Score 9.8
CVSS v2 Score 10.0
References
Products affected by CVE-2021-33527
-
cpe:2.3:a:mbconnectline:mbdialup:-
-
cpe:2.3:a:mbconnectline:mbdialup:3.9r0.0