Universal Bacnet Router Firmware
CVE-2025-41756
HIGH
Severity by source
AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H
Lifecycle Timeline
2DescriptionCVE.org
A low-privileged remote attacker can exploit the ubr-editfile method in wwwubr.cgi, an undocumented and unused API endpoint to write arbitrary files on the system.
AnalysisAI
A low-privileged remote attacker can exploit the ubr-editfile method in wwwubr.cgi, an undocumented and unused API endpoint to write arbitrary files on the system. [CVSS 8.1 HIGH]
Technical ContextAI
Affects Universal Bacnet Router Firmware. A low-privileged remote attacker can exploit the ubr-editfile method in wwwubr.cgi, an undocumented and unused API endpoint to write arbitrary files on the system.
RemediationAI
Monitor vendor advisories for a patch. Restrict network access to the affected service where possible.
Unauthorized firmware upload via wwwupdate.cgi endpoint due to insufficient authorization. Remote attackers can upload a
Unauthorized file upload via wwwupload.cgi endpoint. Same product as CVE-2025-41764 — second unauthorized upload vector.
A low-privileged remote attacker can abuse the backup restore functionality of UBR (ubr-restore) which runs with elevate
A low-privileged remote attacker can exploit an arbitrary file write vulnerability in the wwupload.cgi endpoint. Due to
A low-privileged remote attacker can trigger a stack-based buffer overflow via a crafted HTTP POST request using the ubr
A low‑privileged local attacker who gains access to the UBR service account (e.g., via SSH) can escalate privileges to o
An unauthenticated remote attacker can obtain valid session tokens because they are exposed in plaintext within the URL
Universal Bacnet Router Firmware is affected by improper verification of cryptographic signature (CVSS 7.2).
A low-privileged remote attacker can exploit the ubr-logread method in wwwubr.cgi to read arbitrary files on the system.
A low-privileged remote attacker can exploit the ubr-editfile method in wwwubr.cgi, an undocumented and unused API endpo
A low‑privileged remote attacker can directly interact with the wwwdnload.cgi endpoint to download any resource availabl
An unauthenticated attacker can abuse the weak hash of the backup generated by the wwwdnload.cgi endpoint to gain unauth
Same technique Information Disclosure
View allShare
External POC / Exploit Code
Leaving vuln.today