CVE-2025-41772

High CVSS: 7.5

An unauthenticated remote attacker can obtain valid session tokens because they are exposed in plaintext within the URL parameters of the wwwupdate.cgi endpoint in UBR.

Vendor

Mbs-solutions

Product

Universal Bacnet Router Firmware

CWE

CWE-598

Yayın Tarihi

2026-03-09 09:16:01

Güncelleme

2026-03-11 18:23:33

Source Identifier

info@cert.vde.com

KEV Date Added

Kategoriler

CWE-598 Universal Bacnet Router Firmware HIGH Mbs-solutions 2026

Referanslar

https://www.mbs-solutions.de/mbs-2025-0001

Benzer Kayıtlar

High

CVE-2025-41766

A low-privileged remote attacker can trigger a stack-based buffer overflow via a crafted HTTP POST request using the ubr…

High

CVE-2025-41767

A high-privileged remote attacker can fully compromise the device by abusing an update signature bypass vulnerability in…

Medium

CVE-2025-41760

An administrator may attempt to block all traffic by configuring a pass filter with an empty table. However, in UBR, an…

High

CVE-2025-41761

A low‑privileged local attacker who gains access to the UBR service account (e.g., via SSH) can escalate privileges to o…

Medium

CVE-2025-41762

An unauthenticated attacker can abuse the weak hash of the backup generated by the wwwdnload.cgi endpoint to gain unauth…

Medium

CVE-2025-41763

A low‑privileged remote attacker can directly interact with the wwwdnload.cgi endpoint to download any resource availabl…