| Article No° | Product Name | Affected Version(s) |
|---|---|---|
| | mbNET HW1 | <= 5.1.11 |
| | mbNET/mbNET.rokey | < 7.3.0 |

An authenticated remote attacker can exploit an undocumented method to escape the Lua sandbox in mbNET devices, enabling the execution of arbitrary operating system commands and leading to full system compromise.
A highly privileged remote attacker can execute arbitrary OS commands by using an undocumented method that allows escaping the implemented Lua sandbox.
This vulnerability allows an authenticated remote attacker to fully compromise the system by executing arbitrary OS commands.
Remediation
Update mbNET/mbNET.rokey to at least version 7.3.0.
Note: mbNET HW1 is EOL and will not receive any further updates.
CERT@VDE coordinated with MB connect line GmbH
Marcel Rick-Cen for reporting