Advisories

For CVSS 2.0, 3.0 and 3.2
VDE-2025-065
July 31, 2025, 12:00 p.m.
An authenticated remote attacker can exploit an undocumented method to escape the LUA sandbox in mbNET devices, enabling the execution of arbitrary operating system commands and leading to full system …
VDE-2025-058
July 21, 2025, 12:00 p.m.
Multiple vulnerabilities in all mbNET.mini devices with firmware <= 2.3.2 that allow an attacker to gain full control over the device.
VDE-2025-035
June 24, 2025, 12:00 p.m.
Two vulnerabilities in mbCONNECT24/mymbCONNECT24 can lead to user enumeration and password bypass.
VDE-2025-034
June 24, 2025, 12:00 p.m.
The mb24api endpoint, reachable when connected via VPN, is missing authentication for sensitive functions. This can lead to information disclosure of user and device names and to DoS.
VDE-2024-010
Aug. 27, 2025, 12:00 p.m.
The data24 service that is bundled with every installation of mbCONNECT24/mymbCONNECT24 has two serious flaws in core components. These combined can lead to a complete loss of confidentiality, integrity and …
VDE-2024-056
Aug. 27, 2025, 12:00 p.m.
Multiple vulnerabilities have been discovered in MB connect line mbNET.mini product allowing for RCE or unauthorized file access.
VDE-2024-068
May 14, 2025, 2:28 p.m.
Multiple vulnerabilities have been discovered in MB connect line products that could allow RCE or unauthorized file access. CVE-2024-45272 affects the mbCONNECT24 and mymbCONNECT24 products, while CVE-2024-45273 affects the mbNET/mbNET.rokey, …
VDE-2024-030
July 3, 2024, 11:00 a.m.
There exists a vulnerability in all mbNET.mini devices with firmware <= 2.2.11 that allows an authenticated attacker to execute arbitrary system commands via GET requests. Update: 03.07.2024 3:30 pm …