CVE-2025-41764
Received - Intake
Unauthorized Update Upload via wwwupdate.cgi Remote Code Execution
Publication date: 2026-03-09
Last updated on: 2026-03-11
Assigner: CERT VDE
Description
Due to insufficient authorization enforcement, an unauthorized remote attacker can exploit the wwwupdate.cgi endpoint to upload and apply arbitrary updates.
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| mbs-solutions | universal_bacnet_router_firmware | up to 6.0.1.0 (exclusive) |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-862 | The product does not perform an authorization check when an actor attempts to access a resource or perform an action. |
AI Powered Q&A
How can this vulnerability be detected on my network or system? Can you suggest some commands?
I don't know
Can you explain this vulnerability to me?
This vulnerability arises from insufficient authorization enforcement in the wwwupdate.cgi endpoint. It allows an unauthorized remote attacker to upload and apply arbitrary updates to the system.
How can this vulnerability impact me?
An attacker exploiting this vulnerability can apply arbitrary updates remotely without authorization, potentially leading to significant integrity and availability impacts on the affected system.
What immediate steps should I take to mitigate this vulnerability?
I don't know
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?
I don't know