VDE-2026-044
May 27, 2026, 1:00 PM
Multiple SQLi vulnerabilities have been discovered in MB connect line mbCONNECT24/mymbCONNECT24.
VDE-2026-054
May 27, 2026, 1:00 PM
Two command injection vulnerabilities have been discovered in MB connect line mbNET/mbNET.rokey/mbNET.mini.
VDE-2026-030
April 2, 2026, 1:00 PM
Multiple vulnerabilities have been discovered in MB connect line mbCONNECT24/mymbCONNECT24 that could allow RCE, SQLi or information leakage.
VDE-2026-024
March 23, 2026, 1:00 PM
Multiple vulnerabilities have been discovered in MB connect line mbCONNECT24/mymbCONNECT24 that could allow unauthenticated RCE or SQLi.
VDE-2025-065
July 31, 2025, 12:00 PM
An authenticated remote attacker can exploit an undocumented method to escape the LUA sandbox in mbNET devices, enabling the execution of arbitrary operating system commands and leading to full system …
VDE-2025-058
July 21, 2025, 12:00 PM
Multiple vulnerabilities in all mbNET.mini devices with firmware <= 2.3.2 that allow an attacker to gain full control over the device.
VDE-2025-035
June 24, 2025, 12:00 PM
Two vulnerabilities in mbCONNECT24/mymbCONNECT24 can lead to user enumeration an password bypass.
VDE-2025-034
June 24, 2025, 12:00 PM
The mb24api endpoint reachable when connected via VPN is missing authentication for sensitive functions. This can lead to information disclosure of user- and device names and to DoS.