Home
CRITICAL: 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HDefault status
unaffected
0.0.0 (semver)
affected
Default status
unaffected
0.0.0 (semver)
affected
Default status
unaffected
0.0.0 (semver)
affected
Default status
unaffected
0.0.0 (semver)
affected
Description
Due to the improper neutralisation of special elements used in an OS command, an unauthenticated remote attacker can exploit an RCE vulnerability in the com_mb24sysapi module, resulting in full system compromise. This vulnerability is a variant attack for CVE-2020-10383.
Problem types
CWE-78 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
Product status
0.0.0 (semver)
0.0.0 (semver)
0.0.0 (semver)
0.0.0 (semver)
Credits
Moritz Abrell, Christian Zäske from SySS GmbH
References
certvde.com/de/advisories/VDE-2026-024
certvde.com/de/advisories/VDE-2026-025