Universal Bacnet Router Firmware
CVE-2025-41755
MEDIUM
Severity by source
AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Lifecycle Timeline
2DescriptionCVE.org
A low-privileged remote attacker can exploit the ubr-logread method in wwwubr.cgi to read arbitrary files on the system. The endpoint accepts a parameter specifying the log file to open (e.g., /tmp/weblog{some_number}), but this parameter is not properly validated, allowing an attacker to modify it to reference any file and retrieve its contents.
AnalysisAI
A low-privileged remote attacker can exploit the ubr-logread method in wwwubr.cgi to read arbitrary files on the system. [CVSS 6.5 MEDIUM]
Technical ContextAI
Classified as CWE-22 (Path Traversal). Affects Universal Bacnet Router Firmware. A low-privileged remote attacker can exploit the ubr-logread method in wwwubr.cgi to read arbitrary files on the system. The endpoint accepts a parameter specifying the log file to open (e.g., /tmp/weblog{some_number}), but this parameter is not properly validated, allowing an attacker to modify it to reference any file and retrieve its contents.
RemediationAI
Monitor vendor advisories for a patch. Validate and sanitize file path inputs. Use allowlists. Restrict network access to the affected service where possible.
Unauthorized firmware upload via wwwupdate.cgi endpoint due to insufficient authorization. Remote attackers can upload a
Unauthorized file upload via wwwupload.cgi endpoint. Same product as CVE-2025-41764 — second unauthorized upload vector.
A low-privileged remote attacker can abuse the backup restore functionality of UBR (ubr-restore) which runs with elevate
A low-privileged remote attacker can exploit an arbitrary file write vulnerability in the wwupload.cgi endpoint. Due to
A low-privileged remote attacker can trigger a stack-based buffer overflow via a crafted HTTP POST request using the ubr
A low-privileged remote attacker can exploit the ubr-editfile method in wwwubr.cgi, an undocumented and unused API endpo
A low‑privileged local attacker who gains access to the UBR service account (e.g., via SSH) can escalate privileges to o
An unauthenticated remote attacker can obtain valid session tokens because they are exposed in plaintext within the URL
Universal Bacnet Router Firmware is affected by improper verification of cryptographic signature (CVSS 7.2).
A low-privileged remote attacker can exploit the ubr-editfile method in wwwubr.cgi, an undocumented and unused API endpo
A low‑privileged remote attacker can directly interact with the wwwdnload.cgi endpoint to download any resource availabl
An unauthenticated attacker can abuse the weak hash of the backup generated by the wwwdnload.cgi endpoint to gain unauth
Same weakness CWE-22 – Path Traversal
View allSame technique Path Traversal
View allShare
External POC / Exploit Code
Leaving vuln.today