Mbs-solutions Universal Bacnet Router Firmware — known CVE vulnerabilities
Every CVE whose affected-product data names Mbs-solutions Universal Bacnet Router Firmware, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (15)
CVE-2025-41765 — CVSS 9.1 (critical): Due to insufficient authorization enforcement, an unauthorized remote attacker can exploit the wwwupload.cgi endpoint to upload and apply…
CVE-2025-41764 — CVSS 9.1 (critical): Due to insufficient authorization enforcement, an unauthorized remote attacker can exploit the wwwupdate.cgi endpoint to upload and apply…
CVE-2025-41758 — CVSS 8.8 (high): A low-privileged remote attacker can exploit an arbitrary file write vulnerability in the wwupload.cgi endpoint. Due to path traversal this…
CVE-2025-41757 — CVSS 8.8 (high): A low-privileged remote attacker can abuse the backup restore functionality of UBR (ubr-restore) which runs with elevated privileges and…
CVE-2025-41766 — CVSS 8.8 (high): A low-privileged remote attacker can trigger a stack-based buffer overflow via a crafted HTTP POST request using the ubr-network method…
CVE-2025-41756 — CVSS 8.1 (high): A low-privileged remote attacker can exploit the ubr-editfile method in wwwubr.cgi, an undocumented and unused API endpoint to write…
CVE-2025-41761 — CVSS 7.8 (high): A low‑privileged local attacker who gains access to the UBR service account (e.g., via SSH) can escalate privileges to obtain full system…
CVE-2025-41772 — CVSS 7.5 (high): An unauthenticated remote attacker can obtain valid session tokens because they are exposed in plaintext within the URL parameters of the…
CVE-2025-41767 — CVSS 7.2 (high): A high-privileged remote attacker can fully compromise the device by abusing an update signature bypass vulnerability in the wwwupdate.cgi…
CVE-2025-41754 — CVSS 6.5 (medium): A low-privileged remote attacker can exploit the ubr-editfile method in wwwubr.cgi, an undocumented and unused API endpoint to read…
CVE-2025-41763 — CVSS 6.5 (medium): A low‑privileged remote attacker can directly interact with the wwwdnload.cgi endpoint to download any resource available to…
CVE-2025-41755 — CVSS 6.5 (medium): A low-privileged remote attacker can exploit the ubr-logread method in wwwubr.cgi to read arbitrary files on the system. The endpoint…
CVE-2025-41762 — CVSS 6.2 (medium): An unauthenticated attacker can abuse the weak hash of the backup generated by the wwwdnload.cgi endpoint to gain unauthorized access to…
CVE-2025-41759 — CVSS 4.9 (medium): An administrator may attempt to block all networks by specifying "\*" or "all" as the network identifier. However, these values are not…
CVE-2025-41760 — CVSS 4.9 (medium): An administrator may attempt to block all traffic by configuring a pass filter with an empty table. However, in UBR, an empty list does not…