CVE-2025-41758
- EPSS 0.08%
- Veröffentlicht 09.03.2026 08:16:30
- Zuletzt bearbeitet 11.03.2026 18:26:47
A low-privileged remote attacker can exploit an arbitrary file write vulnerability in the wwupload.cgi endpoint. Due to path traversal this can lead to overwriting arbitrary files on the device and achieving a full system compromise.
CVE-2025-41757
- EPSS 0.09%
- Veröffentlicht 09.03.2026 08:16:20
- Zuletzt bearbeitet 11.03.2026 18:26:45
A low-privileged remote attacker can abuse the backup restore functionality of UBR (ubr-restore) which runs with elevated privileges and does not validate the contents of the backup archive to create or overwrite arbitrary files anywhere on the syste...
CVE-2025-41756
- EPSS 0.04%
- Veröffentlicht 09.03.2026 08:16:10
- Zuletzt bearbeitet 11.03.2026 18:26:43
A low-privileged remote attacker can exploit the ubr-editfile method in wwwubr.cgi, an undocumented and unused API endpoint to write arbitrary files on the system.
CVE-2025-41755
- EPSS 0.02%
- Veröffentlicht 09.03.2026 08:16:00
- Zuletzt bearbeitet 11.03.2026 18:26:28
A low-privileged remote attacker can exploit the ubr-logread method in wwwubr.cgi to read arbitrary files on the system. The endpoint accepts a parameter specifying the log file to open (e.g., /tmp/weblog{some_number}), but this parameter is not prop...
CVE-2025-41754
- EPSS 0.02%
- Veröffentlicht 09.03.2026 08:15:49
- Zuletzt bearbeitet 11.03.2026 18:26:22
A low-privileged remote attacker can exploit the ubr-editfile method in wwwubr.cgi, an undocumented and unused API endpoint to read arbitrary files on the system.