CVE-2026-40818
HighSummary
The _mb24confi_getDevice function has an unauthenticated SQL Injection vulnerability due to improper neutralization of special elements in a SQL SELECT command. An attacker can exploit this flaw, resulting in a total loss of confidentiality.
Risk Assessment
The organization is at risk of losing sensitive data, which could lead to serious legal and reputational consequences.
Recommendation
It is recommended to implement appropriate safeguards, such as input validation and using parameters in SQL queries, to minimize the risk of attack.
Original NVD description (English source)
An unauthenticated remote attacker can exploit an unauthenticated SQL Injection vulnerability in the _mb24confi_getDevice function due to improper neutralization of special elements in a SQL SELECT command. This can result in a total loss of confidentiality.

