Skip to main content

Universal Bacnet Router Firmware CVE-2025-41764

CRITICAL
Missing Authorization (CWE-862)
2026-03-09 info@cert.vde.com
9.1
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
9.1 CRITICAL
AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
High
Availability
High

Lifecycle Timeline

2
Analysis Generated
Mar 12, 2026 - 21:56 vuln.today
CVE Published
Mar 09, 2026 - 09:16 nvd
CRITICAL 9.1

DescriptionCVE.org

Due to insufficient authorization enforcement, an unauthorized remote attacker can exploit the wwwupdate.cgi endpoint to upload and apply arbitrary updates.

AnalysisAI

Unauthorized firmware upload via wwwupdate.cgi endpoint due to insufficient authorization. Remote attackers can upload and apply arbitrary firmware updates.

Technical ContextAI

CWE-862 missing authorization on firmware update endpoint. Attackers can push arbitrary firmware.

RemediationAI

Apply vendor patch. Restrict management access.

CVE-2025-41765 CRITICAL
9.1 Mar 09

Unauthorized file upload via wwwupload.cgi endpoint. Same product as CVE-2025-41764 — second unauthorized upload vector.

CVE-2025-41757 HIGH
8.8 Mar 09

A low-privileged remote attacker can abuse the backup restore functionality of UBR (ubr-restore) which runs with elevate

CVE-2025-41758 HIGH
8.8 Mar 09

A low-privileged remote attacker can exploit an arbitrary file write vulnerability in the wwupload.cgi endpoint. Due to

CVE-2025-41766 HIGH
8.8 Mar 09

A low-privileged remote attacker can trigger a stack-based buffer overflow via a crafted HTTP POST request using the ubr

CVE-2025-41756 HIGH
8.1 Mar 09

A low-privileged remote attacker can exploit the ubr-editfile method in wwwubr.cgi, an undocumented and unused API endpo

CVE-2025-41761 HIGH
7.8 Mar 09

A low‑privileged local attacker who gains access to the UBR service account (e.g., via SSH) can escalate privileges to o

CVE-2025-41772 HIGH
7.5 Mar 09

An unauthenticated remote attacker can obtain valid session tokens because they are exposed in plaintext within the URL

CVE-2025-41767 HIGH
7.2 Mar 09

Universal Bacnet Router Firmware is affected by improper verification of cryptographic signature (CVSS 7.2).

CVE-2025-41755 MEDIUM
6.5 Mar 09

A low-privileged remote attacker can exploit the ubr-logread method in wwwubr.cgi to read arbitrary files on the system.

CVE-2025-41754 MEDIUM
6.5 Mar 09

A low-privileged remote attacker can exploit the ubr-editfile method in wwwubr.cgi, an undocumented and unused API endpo

CVE-2025-41763 MEDIUM
6.5 Mar 09

A low‑privileged remote attacker can directly interact with the wwwdnload.cgi endpoint to download any resource availabl

CVE-2025-41762 MEDIUM
6.2 Mar 09

An unauthenticated attacker can abuse the weak hash of the backup generated by the wwwdnload.cgi endpoint to gain unauth

Share

CVE-2025-41764 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy