HIGH | CVE-2026-40852 | Published | Modified | CNA CERTVDE
CVE-2026-40852: Command injection via malicious configuration
A high-privileged authenticated attacker can alter the config generator, injecting a payload into configurations created afterwards. The device does not correctly check this configuration value before passing it to a system execute call, leading to code execution. This can result in a total loss of confidentiality, integrity and availability.
Metrics
- CVSS v3.1: 7.2
- Severity: HIGH
- Fixed in: —
- Affected Products: 8
Affected packages
- MB connect line / mbNET/mbNET.rokey ≤ 8.4.4
- MB connect line / mbNET.mini ≤ 3.0.2
- MB connect line / mbNET/mbNET.rokey 8.4.4
- MB connect line / mbNET.mini 3.0.2
- Helmholz / REX200/250 ≤ 8.4.4
- Helmholz / REX100 ≤ 3.0.2
- Helmholz / REX200/250 8.4.4
- Helmholz / REX100 3.0.2
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
References