A low‑privileged local attacker who gains access to the UBR service account (e.g., via SSH) can escalate privileges to obtain full system access. This is due to the service account being permitted to execute certain binaries (e.g., tcpdump and ip) with sudo.
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HMbs Solutions Ubr 01 Mk Ii
HWMbs-Solutionswszystkie wersjeMbs Solutions Ubr 02
HWMbs-Solutionswszystkie wersjeMbs Solutions Ubr Lon
HWMbs-Solutionswszystkie wersjeMbs Solutions Universal Bacnet Router Firmware
OSMbs-Solutions< 6.0.1.0
Related vulnerabilities
Brak autoryzacji w MBS-Solutions Universal BACnet Router — nieautoryzowany upload plików
Brak autoryzacji w MBS-Solutions Universal BACnet Router — upload firmware
A low-privileged remote attacker can exploit the ubr-editfile method in wwwubr.cgi, an undocumented and unused...
A low-privileged remote attacker can exploit an arbitrary file write vulnerability in the wwupload.cgi endpoin...
A low-privileged remote attacker can abuse the backup restore functionality of UBR (ubr-restore) which runs wi...