CVE-2021-33527 CRITICAL

CVE-2021-33527: OS Command Injection in mbDIALUP <= 3.9R0.0

Vendor Mb Connect Line

Product mbDIALUP

Weakness CWE-20 · Input validation

Published August 2, 2021

Last update September 16, 2024

View on NVD All CVEs

CVSS base score

9.8/10

Attack vector Network

Attack complexity Low

Privileges required None

User interaction None

Confidentiality High

Integrity High

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

What the vulnerability does

01Description

In MB connect line mbDIALUP versions <= 3.9R0.0 a remote attacker can send a specifically crafted HTTP request to the service running with NT AUTHORITY\SYSTEM that will not correctly validate the input. This can lead to an arbitrary code execution with the privileges of the service.

Key dates

02Disclosure timeline

August 2, 2021 CVE published

September 16, 2024 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2021-33527

Related vulnerabilities

CVE-2021-33527: OS Command Injection in mbDIALUP <= 3.9R0.0

01Description

02Disclosure timeline

03References

04Related CVE