CVSS: 8.3EPSS: 0%CPEs: 4EXPL: 0CVE-2025-41688 – High Privilege RCE via LUA Sandbox Escape
https://notcve.org/view.php?id=CVE-2025-41688
31 Jul 2025 — A high privileged remote attacker can execute arbitrary OS commands using an undocumented method allowing to escape the implemented LUA sandbox. Un atacante remoto con altos privilegios puede ejecutar comandos arbitrarios del sistema operativo utilizando un método no documentado que le permite escapar del entorno de pruebas LUA implementado. • https://certvde.com/de/advisories/VDE-2025-065 • CWE-653: Improper Isolation or Compartmentalization •
CVSS: 4.8EPSS: 0%CPEs: 2EXPL: 1CVE-2025-41681 – Persistent Cross-Site Scripting via POST Requests Due to Improper Neutralization of Input
https://notcve.org/view.php?id=CVE-2025-41681
21 Jul 2025 — A high privileged remote attacker can gain persistent XSS via POST requests due to improper neutralization of special elements used to create dynamic content. Helmholz Industrial Router REX100 versions prior to 2.3.3 and MBConnectline mbNET.mini versions prior to 2.3.3 suffer from buffer overflow, command injection, denial of service, cross site scripting, and remote SQL injection vulnerabilities. • https://packetstorm.news/files/id/207683 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.3EPSS: 0%CPEs: 2EXPL: 1CVE-2025-41679 – Unauthenticated Buffer Overflow in Conftool Service Leading to Denial of Service
https://notcve.org/view.php?id=CVE-2025-41679
21 Jul 2025 — An unauthenticated remote attacker could exploit a buffer overflow vulnerability in the device causing a denial of service that affects only the network initializing wizard (Conftool) service. Helmholz Industrial Router REX100 versions prior to 2.3.3 and MBConnectline mbNET.mini versions prior to 2.3.3 suffer from buffer overflow, command injection, denial of service, cross site scripting, and remote SQL injection vulnerabilities. • https://packetstorm.news/files/id/207683 • CWE-787: Out-of-bounds Write •
CVSS: 7.7EPSS: 0%CPEs: 2EXPL: 1CVE-2025-41678 – SQL Injection via POST Requests Allowing Configuration Database Manipulation
https://notcve.org/view.php?id=CVE-2025-41678
21 Jul 2025 — A high privileged remote attacker can alter the configuration database via POST requests due to improper neutralization of special elements used in a SQL statement. Helmholz Industrial Router REX100 versions prior to 2.3.3 and MBConnectline mbNET.mini versions prior to 2.3.3 suffer from buffer overflow, command injection, denial of service, cross site scripting, and remote SQL injection vulnerabilities. • https://packetstorm.news/files/id/207683 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 6.1EPSS: 0%CPEs: 2EXPL: 1CVE-2025-41677 – Resource Exhaustion via POST Requests to send-mail Action
https://notcve.org/view.php?id=CVE-2025-41677
21 Jul 2025 — A high privileged remote attacker can exhaust critical system resources by sending specifically crafted POST requests to the send-mail action in fast succession. Helmholz Industrial Router REX100 versions prior to 2.3.3 and MBConnectline mbNET.mini versions prior to 2.3.3 suffer from buffer overflow, command injection, denial of service, cross site scripting, and remote SQL injection vulnerabilities. • https://packetstorm.news/files/id/207683 • CWE-400: Uncontrolled Resource Consumption •
CVSS: 6.1EPSS: 0%CPEs: 2EXPL: 1CVE-2025-41676 – Resource Exhaustion via POST Requests to send-sms Action
https://notcve.org/view.php?id=CVE-2025-41676
21 Jul 2025 — A high privileged remote attacker can exhaust critical system resources by sending specifically crafted POST requests to the send-sms action in fast succession. Helmholz Industrial Router REX100 versions prior to 2.3.3 and MBConnectline mbNET.mini versions prior to 2.3.3 suffer from buffer overflow, command injection, denial of service, cross site scripting, and remote SQL injection vulnerabilities. • https://packetstorm.news/files/id/207683 • CWE-400: Uncontrolled Resource Consumption •
CVSS: 8.3EPSS: 0%CPEs: 2EXPL: 1CVE-2025-41675 – Remote Command Injection via GET in Cloud Server Communication Script Due to Improper Input Neutralization
https://notcve.org/view.php?id=CVE-2025-41675
21 Jul 2025 — A high privileged remote attacker can execute arbitrary system commands via GET requests in the cloud server communication script due to improper neutralization of special elements used in an OS command. Helmholz Industrial Router REX100 versions prior to 2.3.3 and MBConnectline mbNET.mini versions prior to 2.3.3 suffer from buffer overflow, command injection, denial of service, cross site scripting, and remote SQL injection vulnerabilities. • https://packetstorm.news/files/id/207683 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 8.3EPSS: 0%CPEs: 2EXPL: 1CVE-2025-41674 – Remote Command Injection in diagnostic Action Due to Improper Input Neutralization
https://notcve.org/view.php?id=CVE-2025-41674
21 Jul 2025 — A high privileged remote attacker can execute arbitrary system commands via POST requests in the diagnostic action due to improper neutralization of special elements used in an OS command. Helmholz Industrial Router REX100 versions prior to 2.3.3 and MBConnectline mbNET.mini versions prior to 2.3.3 suffer from buffer overflow, command injection, denial of service, cross site scripting, and remote SQL injection vulnerabilities. • https://packetstorm.news/files/id/207683 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 8.3EPSS: 0%CPEs: 2EXPL: 1CVE-2025-41673 – Remote Command Injection in send_sms Action Due to Improper Input Neutralization
https://notcve.org/view.php?id=CVE-2025-41673
21 Jul 2025 — A high privileged remote attacker can execute arbitrary system commands via POST requests in the send_sms action due to improper neutralization of special elements used in an OS command. Helmholz Industrial Router REX100 versions prior to 2.3.3 and MBConnectline mbNET.mini versions prior to 2.3.3 suffer from buffer overflow, command injection, denial of service, cross site scripting, and remote SQL injection vulnerabilities. • https://packetstorm.news/files/id/207683 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 7.8EPSS: 0%CPEs: 8EXPL: 0CVE-2025-3092 – MB connect line: Observable response discrepancy in mbCONNECT24/mymbCONNECT24
https://notcve.org/view.php?id=CVE-2025-3092
24 Jun 2025 — An unauthenticated remote attacker can enumerate valid user names from an unprotected endpoint. • https://certvde.com/en/advisories/VDE-2025-035 • CWE-204: Observable Response Discrepancy •