CVE-2025-41757

High CVSS: 8.8

A low-privileged remote attacker can abuse the backup restore functionality of UBR (ubr-restore) which runs with elevated privileges and does not validate the contents of the backup archive to create or overwrite arbitrary files anywhere on the system.

Vendor

Mbs-solutions

Product

Universal Bacnet Router Firmware

CWE

CWE-22

Yayın Tarihi

2026-03-09 09:15:59

Güncelleme

2026-03-11 18:26:45

Source Identifier

info@cert.vde.com

KEV Date Added

Kategoriler

CWE-22 Universal Bacnet Router Firmware HIGH Mbs-solutions 2026

Referanslar

https://www.mbs-solutions.de/mbs-2025-0001

Benzer Kayıtlar

High

CVE-2025-41766

A low-privileged remote attacker can trigger a stack-based buffer overflow via a crafted HTTP POST request using the ubr…

High

CVE-2025-41767

A high-privileged remote attacker can fully compromise the device by abusing an update signature bypass vulnerability in…

High

CVE-2025-41772

An unauthenticated remote attacker can obtain valid session tokens because they are exposed in plaintext within the URL…

Medium

CVE-2025-41760

An administrator may attempt to block all traffic by configuring a pass filter with an empty table. However, in UBR, an…

High

CVE-2025-41761

A low‑privileged local attacker who gains access to the UBR service account (e.g., via SSH) can escalate privileges to o…

Medium

CVE-2025-41762

An unauthenticated attacker can abuse the weak hash of the backup generated by the wwwdnload.cgi endpoint to gain unauth…