9.1
CVE-2025-41764
- EPSS 0.41%
- Veröffentlicht 09.03.2026 08:17:45
- Zuletzt bearbeitet 11.03.2026 18:27:27
- Quelle info@cert.vde.com
- CVE-Watchlists
- Unerledigt
LoginUnchecked role in wwwupdate.cgi
Due to insufficient authorization enforcement, an unauthorized remote attacker can exploit the wwwupdate.cgi endpoint to upload and apply arbitrary updates.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Mbs-solutions ≫ Universal Bacnet Router Firmware Version < 6.0.1.0
Mbs-solutions ≫ Ubr-01 Mk Ii Version-
Mbs-solutions ≫ Ubr-02 Version-
Mbs-solutions ≫ Ubr-lon Version-
Mbs-solutions ≫ Ubr-02 Version-
Mbs-solutions ≫ Ubr-lon Version-
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.41% | 0.323 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| info@cert.vde.com | 9.1 | 3.9 | 5.2 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H
|
CWE-862 Missing Authorization
The product does not perform an authorization check when an actor attempts to access a resource or perform an action.
https://www.mbs-solutions.de/mbs-2025-0001