CVE-2024-5672 HIGH

CVE-2024-5672: Red Lion Europe: mbNET.mini vulnerable to OS command injection

Vendor Red Lion Europe

Product mbNET.mini

Weakness CWE-78

Published July 3, 2024

Last update February 13, 2025

View on NVD All CVEs

CVSS base score

7.2/10

Attack vector Network

Attack complexity Low

Privileges required High

User interaction None

Confidentiality High

Integrity High

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

What the vulnerability does

01Description

A high privileged remote attacker can execute arbitrary system commands via GET requests due to improper neutralization of special elements used in an OS command.

Key dates

02Disclosure timeline

July 3, 2024 CVE published

February 13, 2025 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2024-5672 CWE — Common Weakness Enumeration https://cwe.mitre.org/data/definitions/78.html

Related vulnerabilities

Identifiers

CVE CVE-2024-5672

CWE CWE-78

CVSS 7.2 / HIGH

Affected versions

Vendor Red Lion Europe

Product mbNET.mini

Affected ≤ 2.2.11

Vendor Helmholz

Product REX 100

Affected ≤ 2.2.11

CVE-2024-5672: Red Lion Europe: mbNET.mini vulnerable to OS command injection

01Description

02Disclosure timeline

03References

04Related CVE