In MB connect line mbDIALUP versions <= 3.9R0.0 a remote attacker can send a specifically crafted HTTP request to the service running with NT AUTHORITY\SYSTEM that will not correctly validate the input. This can lead to an arbitrary code execution with the privileges of the service.
Advisories
Source ID Title
EUVD EUVD EUVD-2021-20219 In MB connect line mbDIALUP versions <= 3.9R0.0 a remote attacker can send a specifically crafted HTTP request to the service running with NT AUTHORITY\SYSTEM that will not correctly validate the input. This can lead to an arbitrary code execution with the privileges of the service.
Fixes

Solution

Update to version 3.9R0.5


Workaround

No workaround given by the vendor.

History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: CERTVDE

Published:

Updated: 2024-09-16T17:42:36.084Z

Reserved: 2021-05-24T00:00:00

Link: CVE-2021-33527

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2021-08-02T11:15:11.287

Modified: 2024-11-21T06:09:00.660

Link: CVE-2021-33527

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

No data.