Mbdialup
Vulnerabilities
2
Known exploited
0
Max CVSS
9.8
Top EPSS
0.04524
Severity breakdown
Critical
1
High
1
Medium
0
Low
0
Affected version ranges
≤ 3.9r0.0
Also matched as (raw): mbdialup
Top vulnerabilities
CVE-2021-33527In MB connect line mbDIALUP versions <= 3.9R0.0 a remote attacker can send a specifically crafted HTTP request to the service running with NT AUTHORITY\SYSTEM that will not correctly validate the input. This can lead to an arbitrary code execution with the privileges of the service.
CVE-2021-33526In MB connect line mbDIALUP versions <= 3.9R0.0 a low privileged local attacker can send a command to the service running with NT AUTHORITY\SYSTEM instructing it to execute a malicous OpenVPN configuration resulting in arbitrary code execution with the privileges of the service.