HIGH🇬🇧 English

CVE-2025-41761

CVSS 7.8v3.1pub. 2026-03-09upd. 2026-03-11

A low‑privileged local attacker who gains access to the UBR service account (e.g., via SSH) can escalate privileges to obtain full system access. This is due to the service account being permitted to execute certain binaries (e.g., tcpdump and ip) with sudo.

oryginał EN
CVSS Vector
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
  • Mbs Solutions Ubr 01 Mk Ii

    HW
    Mbs-Solutions
    wszystkie wersje
  • Mbs Solutions Ubr 02

    HW
    Mbs-Solutions
    wszystkie wersje
  • Mbs Solutions Ubr Lon

    HW
    Mbs-Solutions
    wszystkie wersje
  • Mbs Solutions Universal Bacnet Router Firmware

    OS
    Mbs-Solutions
    < 6.0.1.0
🔵
ZWERYFIKUJ U PRODUCENTA
Brak jednoznacznych danych o patchu. Sprawdź referencje od producenta.
Tagi
LPE
CWE
Referencje

Powiązane podatności

CVE-2025-41765CRITICAL9.1PL ✓ten sam produkt

Brak autoryzacji w MBS-Solutions Universal BACnet Router — nieautoryzowany upload plików

CVE-2025-41764CRITICAL9.1PL ✓ten sam produkt

Brak autoryzacji w MBS-Solutions Universal BACnet Router — upload firmware

CVE-2025-41756HIGH8.1ten sam produkt

A low-privileged remote attacker can exploit the ubr-editfile method in wwwubr.cgi, an undocumented and unused...

CVE-2025-41758HIGH8.8ten sam produkt

A low-privileged remote attacker can exploit an arbitrary file write vulnerability in the wwupload.cgi endpoin...

CVE-2025-41757HIGH8.8ten sam produkt

A low-privileged remote attacker can abuse the backup restore functionality of UBR (ubr-restore) which runs wi...