{"api_version":"1","generated_at":"2026-04-23T17:16:43+00:00","cve":"CVE-2021-33527","urls":{"html":"https://cve.report/CVE-2021-33527","api":"https://cve.report/api/cve/CVE-2021-33527.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2021-33527","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2021-33527"},"summary":{"title":"CVE-2021-33527","description":"In MB connect line mbDIALUP versions <= 3.9R0.0 a remote attacker can send a specifically crafted HTTP request to the service running with NT AUTHORITY\\SYSTEM that will not correctly validate the input. This can lead to an arbitrary code execution with the privileges of the service.","state":"PUBLIC","assigner":"info@cert.vde.com","published_at":"2021-08-02 11:15:00","updated_at":"2022-04-29 17:47:00"},"problem_types":["CWE-20"],"metrics":[],"references":[{"url":"https://cert.vde.com/de-de/advisories/vde-2021-017","name":"https://cert.vde.com/de-de/advisories/vde-2021-017","refsource":"CONFIRM","tags":[],"title":"MB connect line: Privilege escalation in mbDIALUP <= 3.9R0.0 — German (Germany)","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://www.cve.org/CVERecord?id=CVE-2021-33527","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2021-33527","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[{"source":"LEGACY","value":"Noam Moshe of Claroty reported this vulnerability to MB connect line GmbH. CERT@VDE coordinated.","lang":""}],"nvd_cpes":[{"cve_year":"2021","cve_id":"33527","vulnerable":"1","versionEndIncluding":"3.9r0.0","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"mbconnectline","cpe5":"mbdialup","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[{"cve":"CVE-2021-33527","qid":"590653","title":"MB connect line mbDIALUP Privilege escalation Vulnerability (VDE-2021-017)"}]},"source_records":{"cve_program":{"CVE_data_meta":{"ASSIGNER":"info@cert.vde.com","DATE_PUBLIC":"2021-07-23T12:50:00.000Z","ID":"CVE-2021-33527","STATE":"PUBLIC","TITLE":"OS Command Injection in mbDIALUP <= 3.9R0.0"},"affects":{"vendor":{"vendor_data":[{"product":{"product_data":[{"product_name":"mbDIALUP","version":{"version_data":[{"version_affected":"<=","version_name":"3.9R0.0","version_value":"3.9R0.0"}]}}]},"vendor_name":"MB connect line"}]}},"credit":[{"lang":"eng","value":"Noam Moshe of Claroty reported this vulnerability to MB connect line GmbH. CERT@VDE coordinated."}],"data_format":"MITRE","data_type":"CVE","data_version":"4.0","description":{"description_data":[{"lang":"eng","value":"In MB connect line mbDIALUP versions <= 3.9R0.0 a remote attacker can send a specifically crafted HTTP request to the service running with NT AUTHORITY\\SYSTEM that will not correctly validate the input. This can lead to an arbitrary code execution with the privileges of the service."}]},"generator":{"engine":"Vulnogram 0.0.9"},"impact":{"cvss":{"attackComplexity":"LOW","attackVector":"NETWORK","availabilityImpact":"HIGH","baseScore":9.8,"baseSeverity":"CRITICAL","confidentialityImpact":"HIGH","integrityImpact":"HIGH","privilegesRequired":"NONE","scope":"UNCHANGED","userInteraction":"NONE","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","version":"3.1"}},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"CWE-20 Improper Input Validation"}]}]},"references":{"reference_data":[{"name":"https://cert.vde.com/de-de/advisories/vde-2021-017","refsource":"CONFIRM","url":"https://cert.vde.com/de-de/advisories/vde-2021-017"}]},"solution":[{"lang":"eng","value":"Update to version 3.9R0.5"}],"source":{"advisory":"VDE-2021-017","discovery":"EXTERNAL"}},"nvd":{"publishedDate":"2021-08-02 11:15:00","lastModifiedDate":"2022-04-29 17:47:00","problem_types":["CWE-20"],"metrics":{"baseMetricV3":{"cvssV3":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH","baseScore":9.8,"baseSeverity":"CRITICAL"},"exploitabilityScore":3.9,"impactScore":5.9},"baseMetricV2":{"cvssV2":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:C/I:C/A:C","accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"COMPLETE","integrityImpact":"COMPLETE","availabilityImpact":"COMPLETE","baseScore":10},"severity":"HIGH","exploitabilityScore":10,"impactScore":10,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}},"configurations":{"CVE_data_version":"4.0","nodes":[{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:mbconnectline:mbdialup:*:*:*:*:*:*:*:*","versionEndIncluding":"3.9r0.0","cpe_name":[]}]}]}},"legacy_mitre":{"record":{"CveYear":"2021","CveId":"33527","Ordinal":"208934","Title":"CVE-2021-33527","CVE":"CVE-2021-33527","Year":"2021"},"notes":[{"CveYear":"2021","CveId":"33527","Ordinal":"1","NoteData":"In MB connect line mbDIALUP versions <= 3.9R0.0 a low privileged local attacker can send a command to the service running with NT AUTHORITY\\SYSTEM that won't be validated correctly and allows for an arbitrary code execution with the privileges of the service.","Type":"Description","Title":null},{"CveYear":"2021","CveId":"33527","Ordinal":"2","NoteData":"2021-08-02","Type":"Other","Title":"Published"},{"CveYear":"2021","CveId":"33527","Ordinal":"3","NoteData":"2021-08-02","Type":"Other","Title":"Modified"}]}}}