Shodan
Vulnerabilities
Vulnerable Software
Mbconnectline:  >> Mbnet.mini Firmware  Security Vulnerabilities
CVE-2025-41679
An unauthenticated remote attacker could exploit a buffer overflow vulnerability in the device causing a denial of service that affects only the network initializing wizard (Conftool) service.
CVSS Score
5.3
EPSS Score
0.001
Published
2025-07-21
CVE-2025-41681
A high privileged remote attacker can gain persistent XSS via POST requests due to improper neutralization of special elements used to create dynamic content.
CVSS Score
4.8
EPSS Score
0.0
Published
2025-07-21
CVE-2025-41674
A high privileged remote attacker can execute arbitrary system commands via POST requests in the diagnostic action due to improper neutralization of special elements used in an OS command.
CVSS Score
7.2
EPSS Score
0.002
Published
2025-07-21
CVE-2025-41675
A high privileged remote attacker can execute arbitrary system commands via GET requests in the cloud server communication script due to improper neutralization of special elements used in an OS command.
CVSS Score
7.2
EPSS Score
0.002
Published
2025-07-21
CVE-2025-41676
A high privileged remote attacker can exhaust critical system resources by sending specifically crafted POST requests to the send-sms action in fast succession.
CVSS Score
4.9
EPSS Score
0.001
Published
2025-07-21
CVE-2025-41677
A high privileged remote attacker can exhaust critical system resources by sending specifically crafted POST requests to the send-mail action in fast succession.
CVSS Score
4.9
EPSS Score
0.001
Published
2025-07-21
CVE-2025-41678
A high privileged remote attacker can alter the configuration database via POST requests due to improper neutralization of special elements used in a SQL statement.
CVSS Score
6.5
EPSS Score
0.002
Published
2025-07-21
CVE-2025-41673
A high privileged remote attacker can execute arbitrary system commands via POST requests in the send_sms action due to improper neutralization of special elements used in an OS command.
CVSS Score
7.2
EPSS Score
0.002
Published
2025-07-21
CVE-2024-45274
An unauthenticated remote attacker can execute OS commands via UDP on the device due to missing authentication.
CVSS Score
9.8
EPSS Score
0.013
Published
2024-10-15
CVE-2024-45275
The devices contain two hard coded user accounts with hardcoded passwords that allow an unauthenticated remote attacker for full control of the affected devices.
CVSS Score
9.8
EPSS Score
0.008
Published
2024-10-15


Products
Pricing
Contact Us

Shodan ® - All rights reserved