cvedb.io
CVE-2021-33527
CRITICAL · CVSS 9.8
EPSS exploitation probability: 0%
Published 2021-08-02T11:15:11.287 · Last modified 2026-06-17T03:54:43.317

Summary

In MB connect line mbDIALUP versions <= 3.9R0.0 a remote attacker can send a specifically crafted HTTP request to the service running with NT AUTHORITY\SYSTEM that will not correctly validate the input. This can lead to an arbitrary code execution with the privileges of the service.

Affected products

mbconnectline — mbdialup

Does this affect you?

Add your gear to cvedb and we'll alert you only when mbconnectline ships something exploited.

Check my exposure →

References

This product uses data from the NVD API but is not endorsed or certified by the NVD. Informational only; not professional security advice.