HIGHπŸ‡΅πŸ‡± Wersja polska

CVE-2025-41772

CVSS 7.5v3.1pub. 2026-03-09upd. 2026-03-11

An unauthenticated remote attacker can obtain valid session tokens because they are exposed in plaintext within the URL parameters of the wwwupdate.cgi endpoint in UBR.

CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
  • Mbs Solutions Ubr 01 Mk Ii

    HW
    Mbs-Solutions
    wszystkie wersje
  • Mbs Solutions Ubr 02

    HW
    Mbs-Solutions
    wszystkie wersje
  • Mbs Solutions Ubr Lon

    HW
    Mbs-Solutions
    wszystkie wersje
  • Mbs Solutions Universal Bacnet Router Firmware

    OS
    Mbs-Solutions
    < 6.0.1.0
πŸ”΅
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
CWE
References

Related vulnerabilities

CVE-2025-41765CRITICAL9.1PL βœ“ten sam produkt

Brak autoryzacji w MBS-Solutions Universal BACnet Router β€” nieautoryzowany upload plikΓ³w

CVE-2025-41764CRITICAL9.1PL βœ“ten sam produkt

Brak autoryzacji w MBS-Solutions Universal BACnet Router β€” upload firmware

CVE-2025-41756HIGH8.1ten sam produkt

A low-privileged remote attacker can exploit the ubr-editfile method in wwwubr.cgi, an undocumented and unused...

CVE-2025-41758HIGH8.8ten sam produkt

A low-privileged remote attacker can exploit an arbitrary file write vulnerability in the wwupload.cgi endpoin...

CVE-2025-41757HIGH8.8ten sam produkt

A low-privileged remote attacker can abuse the backup restore functionality of UBR (ubr-restore) which runs wi...

CVE-2025-41772 β€” Mbs-Solutions β€” Ubr-01 Mk Ii β€” HIGH β€” CVSS 7.5 | CVEbaza.pl