Mbs Ubr-01 Mk Ii

15 CVEs affecting Mbs Ubr-01 Mk Ii. Latest disclosed: 2026-03-09. Critical: 2, High: 7.

Top CVEs affecting Mbs Ubr-01 Mk Ii
| CVE | Severity | Score | Published | Summary |
| --- | --- | --- | --- | --- |
| CVE-2025-41765 | Critical | 9.1 | 2026-03-09 | Due to insufficient authorization enforcement, an unauthorized remote attacker can exploit the wwwupload.cgi endpoint to upload and apply arbitrary data. This… |
| CVE-2025-41764 | Critical | 9.1 | 2026-03-09 | Due to insufficient authorization enforcement, an unauthorized remote attacker can exploit the wwwupdate.cgi endpoint to upload and apply arbitrary updates. |
| CVE-2025-41766 | High | 8.8 | 2026-03-09 | A low-privileged remote attacker can trigger a stack-based buffer overflow via a crafted HTTP POST request using the ubr-network method resulting in full devic… |
| CVE-2025-41758 | High | 8.8 | 2026-03-09 | A low-privileged remote attacker can exploit an arbitrary file write vulnerability in the wwupload.cgi endpoint. Due to path traversal this can lead to overwri… |
| CVE-2025-41757 | High | 8.8 | 2026-03-09 | A low-privileged remote attacker can abuse the backup restore functionality of UBR (ubr-restore) which runs with elevated privileges and does not validate the… |
| CVE-2025-41756 | High | 8.1 | 2026-03-09 | A low-privileged remote attacker can exploit the ubr-editfile method in wwwubr.cgi, an undocumented and unused API endpoint to write arbitrary files on the sys… |
| CVE-2025-41761 | High | 7.8 | 2026-03-09 | A low-privileged local attacker who gains access to the UBR service account (e.g., via SSH) can escalate privileges to obtain full system access. This is due t… |
| CVE-2025-41772 | High | 7.5 | 2026-03-09 | An unauthenticated remote attacker can obtain valid session tokens because they are exposed in plaintext within the URL parameters of the wwwupdate.cgi endpoin… |
| CVE-2025-41767 | High | 7.2 | 2026-03-09 | A high-privileged remote attacker can fully compromise the device by abusing an update signature bypass vulnerability in the wwwupdate.cgi method in the web in… |
| CVE-2025-41763 | Medium | 6.5 | 2026-03-09 | A low-privileged remote attacker can directly interact with the wwwdnload.cgi endpoint to download any resource available to administrators, including system b… |
| CVE-2025-41755 | Medium | 6.5 | 2026-03-09 | A low-privileged remote attacker can exploit the ubr-logread method in wwwubr.cgi to read arbitrary files on the system. The endpoint accepts a parameter speci… |
| CVE-2025-41754 | Medium | 6.5 | 2026-03-09 | A low-privileged remote attacker can exploit the ubr-editfile method in wwwubr.cgi, an undocumented and unused API endpoint to read arbitrary files on the syst… |
| CVE-2025-41762 | Medium | 6.2 | 2026-03-09 | An unauthenticated attacker can abuse the weak hash of the backup generated by the wwwdnload.cgi endpoint to gain unauthorized access to sensitive data, includ… |
| CVE-2025-41760 | Medium | 4.9 | 2026-03-09 | An administrator may attempt to block all traffic by configuring a pass filter with an empty table. However, in UBR, an empty list does not enforce any restric… |
| CVE-2025-41759 | Medium | 4.9 | 2026-03-09 | An administrator may attempt to block all networks by specifying "\*" or "all" as the network identifier. However, these values are not supported and do not tr… |