CVE-2025-41765

Due to insufficient authorization enforcement, an unauthorized remote attacker can exploit the wwwupload.cgi endpoint to upload and apply arbitrary data. This includes, but is not limited to, contact images, HTTPS certificates, system backups for restoration, server peer configurations, and BACnet/SC server certificates and keys.

CVSS v3 9.1 CRITICAL

9.1^/10

CVSS v3 : CRITICAL

Vector :

Exploitability : 3.9 / Impact : 5.2

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://www.mbs-solutions.de/mbs-2025-0001	Vendor Advisory

Configurations

Configuration 1 (hide)

AND

cpe:2.3:o:mbs-solutions:universal_bacnet_router_firmware:*:*:*:*:*:*:*:*

OR	cpe:2.3:h:mbs-solutions:ubr-01_mk_ii:-:::::::*
	cpe:2.3:h:mbs-solutions:ubr-02:-:::::::*
	cpe:2.3:h:mbs-solutions:ubr-lon:-:::::::*

History

No history.

Information

Published : 2026-03-09 09:16

Updated : 2026-03-11 18:27

NVD link : CVE-2025-41765

Mitre link : CVE-2025-41765

CVE.ORG link : CVE-2025-41765

JSON object : View

Products Affected

mbs-solutions

ubr-lon
universal_bacnet_router_firmware
ubr-02
ubr-01_mk_ii

CWE

CWE-862

Missing Authorization

{"id": "CVE-2025-41765", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "info@cert.vde.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.1, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 5.2, "exploitabilityScore": 3.9}]}, "published": "2026-03-09T09:16:00.987", "references": [{"url": "https://www.mbs-solutions.de/mbs-2025-0001", "tags": ["Vendor Advisory"], "source": "info@cert.vde.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "info@cert.vde.com", "description": [{"lang": "en", "value": "CWE-862"}]}], "descriptions": [{"lang": "en", "value": "Due to insufficient authorization enforcement, an unauthorized remote attacker can exploit the wwwupload.cgi endpoint to upload and apply arbitrary data. This includes, but is not limited to, contact images, HTTPS certificates, system backups for restoration, server peer configurations, and BACnet/SC server certificates and keys."}, {"lang": "es", "value": "Debido a una aplicaci\u00f3n de autorizaci\u00f3n insuficiente, un atacante remoto no autorizado puede explotar el endpoint wwwupload.cgi para cargar y aplicar datos arbitrarios. Esto incluye, pero no se limita a, im\u00e1genes de contacto, certificados HTTPS, copias de seguridad del sistema para restauraci\u00f3n, configuraciones de pares de servidor, y certificados y claves de servidor BACnet/SC."}], "lastModified": "2026-03-11T18:27:29.820", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:mbs-solutions:universal_bacnet_router_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D4E2B246-5465-41DB-BD9A-1533A7508790", "versionEndExcluding": "6.0.1.0"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:mbs-solutions:ubr-01_mk_ii:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "0D812069-6738-4B82-992B-09BB239783AB"}, {"criteria": "cpe:2.3:h:mbs-solutions:ubr-02:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "B21413DE-E1FA-4B5C-A415-F8E70D7090BF"}, {"criteria": "cpe:2.3:h:mbs-solutions:ubr-lon:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "E0C67EAC-C633-4037-B2C4-965455FFF2A0"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "info@cert.vde.com"}