Arbitrary Code Execution Vulnerability in MB connect line mbDIALUP versions <= 3.9R0.0

Arbitrary Code Execution Vulnerability in MB connect line mbDIALUP versions <= 3.9R0.0

CVE-2021-33527 · CRITICAL Severity

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

In MB connect line mbDIALUP versions <= 3.9R0.0 a remote attacker can send a specifically crafted HTTP request to the service running with NT AUTHORITY\SYSTEM that will not correctly validate the input. This can lead to an arbitrary code execution with the privileges of the service.

Learn more about our Web Application Penetration Testing UK.