threat
engine
.sh
Back
·
··:··
Home
/
Product
/
mbs solutions universal bacnet router firmware
Product
mbs solutions universal bacnet router firmware
15 known vulnerabilities across versions
Vulnerabilities are listed by affected version. Select any CVE for the full briefing and its intelligence graph.
Sort
Newest first
Oldest first
Highest CVSS
Lowest CVSS
Min CVSS
Any
4.0+
7.0+ (High)
9.0+ (Critical)
Published since
Reset
CVE-2025-41772
< 6.0.1.0
An unauthenticated remote attacker can obtain valid session tokens because they are exposed in plaintext within the URL parameters
7.5
HIGH
CVE-2025-41767
< 6.0.1.0
A high-privileged remote attacker can fully compromise the device by abusing an update signature bypass vulnerability in the wwwup
7.2
HIGH
CVE-2025-41766
< 6.0.1.0
A low-privileged remote attacker can trigger a stack-based buffer overflow via a crafted HTTP POST request using the ubr-network m
8.8
HIGH
CVE-2025-41765
< 6.0.1.0
Due to insufficient authorization enforcement, an unauthorized remote attacker can exploit the wwwupload.cgi endpoint to upload an
9.1
CRITICAL
CVE-2025-41764
< 6.0.1.0
Due to insufficient authorization enforcement, an unauthorized remote attacker can exploit the wwwupdate.cgi endpoint to upload an
9.1
CRITICAL
CVE-2025-41763
< 6.0.1.0
A low‑privileged remote attacker can directly interact with the wwwdnload.cgi endpoint to download any resource available to adm
6.5
MEDIUM
CVE-2025-41762
< 6.0.1.0
An unauthenticated attacker can abuse the weak hash of the backup generated by the wwwdnload.cgi endpoint to gain unauthorized acc
6.2
MEDIUM
CVE-2025-41761
< 6.0.1.0
A low‑privileged local attacker who gains access to the UBR service account (e.g., via SSH) can escalate privileges to obtain fu
7.8
HIGH
CVE-2025-41760
< 6.0.1.0
An administrator may attempt to block all traffic by configuring a pass filter with an empty table. However, in UBR, an empty list
4.9
MEDIUM
CVE-2025-41759
< 6.0.1.0
An administrator may attempt to block all networks by specifying "\*" or "all" as the network identifier. However, these values ar
4.9
MEDIUM
CVE-2025-41758
< 6.0.1.0
A low-privileged remote attacker can exploit an arbitrary file write vulnerability in the wwupload.cgi endpoint. Due to path trave
8.8
HIGH
CVE-2025-41757
< 6.0.1.0
A low-privileged remote attacker can abuse the backup restore functionality of UBR (ubr-restore) which runs with elevated privileg
8.8
HIGH
CVE-2025-41756
< 6.0.1.0
A low-privileged remote attacker can exploit the ubr-editfile method in wwwubr.cgi, an undocumented and unused API endpoint to wri
8.1
HIGH
CVE-2025-41755
< 6.0.1.0
A low-privileged remote attacker can exploit the ubr-logread method in wwwubr.cgi to read arbitrary files on the system. The endpo
6.5
MEDIUM
CVE-2025-41754
< 6.0.1.0
A low-privileged remote attacker can exploit the ubr-editfile method in wwwubr.cgi, an undocumented and unused API endpoint to rea
6.5
MEDIUM
Vulnerabilities
CISA KEV catalog
CWE weaknesses
CAPEC attack patterns
Package vulnerabilities
Threat intelligence
Threat actors
Tools & malware
ATT&CK techniques
IOCs
Detection & defense
Sigma rules
YARA rules
Atomic Red Team tests
D3FEND countermeasures
Compliance
NIST 800-53
ISO 27001:2022
SOC 2 TSC
PCI-DSS v4.0
CIS Controls v8.1
About
All capabilities
Live statistics
Data sources
Privacy policy
Terms of service
threatengine.sh · Open-source threat intelligence platform · 100+ authoritative sources · Every fact traces to its origin