Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

MB connect line — Vulnerabilities & Security Advisories 38

Browse all 38 CVE security advisories affecting MB connect line. AI-powered Chinese analysis, POCs, and references for each vulnerability.

MB connect line is a software platform primarily utilized for managing and exchanging electronic documents, including invoices and orders, within business-to-business environments. Security audits have identified thirty-eight Common Vulnerabilities and Exposures (CVEs) associated with the system, indicating a significant historical attack surface. The most prevalent vulnerability classes include remote code execution, cross-site scripting, and privilege escalation flaws, often stemming from inadequate input validation and improper access controls in earlier versions. These defects have allowed attackers to potentially compromise system integrity or access sensitive financial data. While recent updates have addressed many of these issues, the high volume of recorded CVEs suggests a need for rigorous patch management. Organizations deploying this solution must prioritize regular security assessments and ensure all components are updated to mitigate known risks effectively.

Top products by MB connect line: mbNET.mini mbCONNECT24 mymbCONNECT24 mbDIALUP MB connect line mbCONNECT24 mbNET HW1
CVE IDTitleCVSSSeverityPublished
CVE-2026-33617 MB connect line mbCONNECT24 vulnerable to an unauthenticated information disclosure in the data24 Endpoint — mbCONNECT24CWE-497 5.3 Medium2026-04-02
CVE-2026-33616 MB connect line mbCONNECT24 vulnerable to an unauthenticated SQL injection in the mb24api Endpoint — mbCONNECT24CWE-89 7.5 High2026-04-02
CVE-2026-33615 MB connect line mbCONNECT24 vulnerable to an unauthenticated SQL injection in the setinfo Endpoint — mbCONNECT24CWE-89 9.1 Critical2026-04-02
CVE-2026-33614 MB connect line mbCONNECT24 vulnerable to an unauthenticated SQL injection in the getinfo endpoint — mbCONNECT24CWE-89 7.5 High2026-04-02
CVE-2026-33613 MB connect line mbCONNECT24 vulnerable to RCE in generateSrpArray — mbCONNECT24CWE-78 7.2 High2026-04-02
CVE-2026-32969 Pre-Auth Blind SQLi in userinfo Endpoint — MB connect line mbCONNECT24CWE-89 7.5 High2026-03-23
CVE-2026-32968 Unauthenticated RCE in com_mb24sysapi — MB connect line mbCONNECT24CWE-78 9.8 Critical2026-03-23
CVE-2025-41688 High Privilege RCE via LUA Sandbox Escape — mbNET HW1CWE-653 7.2 High2025-07-31
CVE-2025-41681 Persistent Cross-Site Scripting via POST Requests Due to Improper Neutralization of Input — mbNET.miniCWE-79 4.8 Medium2025-07-21
CVE-2025-41679 Unauthenticated Buffer Overflow in Conftool Service Leading to Denial of Service — mbNET.miniCWE-787 5.3 Medium2025-07-21
CVE-2025-41678 SQL Injection via POST Requests Allowing Configuration Database Manipulation — mbNET.miniCWE-89 6.5 Medium2025-07-21
CVE-2025-41677 Resource Exhaustion via POST Requests to send-mail Action — mbNET.miniCWE-400 4.9 Medium2025-07-21
CVE-2025-41676 Resource Exhaustion via POST Requests to send-sms Action — mbNET.miniCWE-400 4.9 Medium2025-07-21
CVE-2025-41675 Remote Command Injection via GET in Cloud Server Communication Script Due to Improper Input Neutralization — mbNET.miniCWE-78 7.2 High2025-07-21
CVE-2025-41674 Remote Command Injection in diagnostic Action Due to Improper Input Neutralization — mbNET.miniCWE-78 7.2 High2025-07-21
CVE-2025-41673 Remote Command Injection in send_sms Action Due to Improper Input Neutralization — mbNET.miniCWE-78 7.2 High2025-07-21
CVE-2025-3091 MB connect line: Authorization bypass in mbCONNECT24/mymbCONNECT24 — mbCONNECT24CWE-639 7.5 High2025-06-24
CVE-2025-3090 MB connect line: Missing Authentication in mbCONNECT24/mymbCONNECT24 — mbCONNECT24CWE-306 8.2 High2025-06-24
CVE-2024-23943 MB connect line: Cloud API access due to a lack of authentication for a critical function — mbCONNECT24CWE-306 9.1 Critical2025-03-18
CVE-2024-23942 MB connect line: Configuration File on the client workstation is not encrypted — mbCONNECT24CWE-312 7.1 High2025-03-18
CVE-2024-45276 MB connect line/Helmholz: tmp directory exposed via webservice — mbNET.miniCWE-306 7.5 High2024-10-15
CVE-2024-45275 MB connect line/Helmholz: Hardcoded user accounts with hard-coded passwords — mbNET.miniCWE-798 9.8 Critical2024-10-15
CVE-2024-45274 MB connect line/Helmholz: Remote code execution via confnet service — mbNET.miniCWE-306 9.8 Critical2024-10-15
CVE-2024-45273 MB connect line/Helmholz: Weak encryption of configuration file — mbNET.miniCWE-261 8.4 High2024-10-15
CVE-2024-45272 MB connect line/Helmholz: Generation of weak passwords vulnerability — mbCONNECT24CWE-1391 7.5 High2024-10-15
CVE-2024-45271 MB connect line/Helmholz: Remote code execution due to improper input validation — mbNET.miniCWE-94 8.4 High2024-10-15
CVE-2023-1779 Helmholz and MB Connect Line: Account takeover via password reset in multiple products — mbCONNECT24CWE-863 4.3 Medium2023-06-06
CVE-2023-0985 Helmholz and MB Connect Line: Account takeover via password reset in multiple products — mbCONNECT24CWE-639 8.8 High2023-06-06
CVE-2022-22520 User enumeration vulnerability in MB connect line and Helmholz products — mymbCONNECT24CWE-204 5.3 Medium2022-09-14
CVE-2021-34580 Remote user enumeration in mymbCONNECT24, mbCONNECT24 <= 2.9.0 — mymbCONNECT24CWE-204 7.5 High2021-10-27

This page lists every published CVE security advisory associated with MB connect line. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.