CVE-2025-41759

Medium CVSS: 4.9

An administrator may attempt to block all networks by specifying "\*" or "all" as the network identifier. However, these values are not supported and do not trigger any validation error. Instead, they are silently interpreted as network 0 which results in no networks being blocked at all.

Vendor

Mbs-solutions

Product

Universal Bacnet Router Firmware

CWE

CWE-636

Yayın Tarihi

2026-03-09 09:15:59

Güncelleme

2026-03-11 18:26:52

Source Identifier

info@cert.vde.com

KEV Date Added

Kategoriler

CWE-636 Universal Bacnet Router Firmware MEDIUM Mbs-solutions 2026

Referanslar

https://www.mbs-solutions.de/mbs-2025-0001

Benzer Kayıtlar

High

CVE-2025-41766

A low-privileged remote attacker can trigger a stack-based buffer overflow via a crafted HTTP POST request using the ubr…

High

CVE-2025-41767

A high-privileged remote attacker can fully compromise the device by abusing an update signature bypass vulnerability in…

High

CVE-2025-41772

An unauthenticated remote attacker can obtain valid session tokens because they are exposed in plaintext within the URL…

Medium

CVE-2025-41760

An administrator may attempt to block all traffic by configuring a pass filter with an empty table. However, in UBR, an…

High

CVE-2025-41761

A low‑privileged local attacker who gains access to the UBR service account (e.g., via SSH) can escalate privileges to o…

Medium

CVE-2025-41762

An unauthenticated attacker can abuse the weak hash of the backup generated by the wwwdnload.cgi endpoint to gain unauth…