CVE-2025-41761

High CVSS: 7.8

A low‑privileged local attacker who gains access to the UBR service account (e.g., via SSH) can escalate privileges to obtain full system access. This is due to the service account being permitted to execute certain binaries (e.g., tcpdump and ip) with sudo.

Vendor

Mbs-solutions

Product

Universal Bacnet Router Firmware

CWE

CWE-88

Yayın Tarihi

2026-03-09 09:16:00

Güncelleme

2026-03-11 18:27:21

Source Identifier

info@cert.vde.com

KEV Date Added

Kategoriler

CWE-88 Universal Bacnet Router Firmware HIGH Mbs-solutions 2026

Referanslar

https://www.mbs-solutions.de/mbs-2025-0001

Benzer Kayıtlar

High

CVE-2025-41766

A low-privileged remote attacker can trigger a stack-based buffer overflow via a crafted HTTP POST request using the ubr…

High

CVE-2025-41767

A high-privileged remote attacker can fully compromise the device by abusing an update signature bypass vulnerability in…

High

CVE-2025-41772

An unauthenticated remote attacker can obtain valid session tokens because they are exposed in plaintext within the URL…

Medium

CVE-2025-41760

An administrator may attempt to block all traffic by configuring a pass filter with an empty table. However, in UBR, an…

Medium

CVE-2025-41762

An unauthenticated attacker can abuse the weak hash of the backup generated by the wwwdnload.cgi endpoint to gain unauth…

Medium

CVE-2025-41763

A low‑privileged remote attacker can directly interact with the wwwdnload.cgi endpoint to download any resource availabl…