📦 Universal Bacnet Router Firmware

This vulnerability allows unauthorized remote attackers to upload and apply arbitrary updates via the wwwupdate.cgi endpoint due to insufficient authorization enforcement. Systems running affected sof...

A low-privileged remote attacker can exploit a stack-based buffer overflow vulnerability in the ubr-network method via crafted HTTP POST requests, leading to arbitrary code execution and full device c...

An unauthenticated remote attacker can steal valid session tokens from UBR devices because tokens are exposed in plaintext within URL parameters of the wwwupdate.cgi endpoint. This affects UBR devices...

A local privilege escalation vulnerability allows low-privileged attackers with access to the UBR service account to gain full system control. This occurs because the service account can execute privi...

CVE-2025-41756 allows low-privileged remote attackers to write arbitrary files via an undocumented API endpoint (ubr-editfile method in wwwubr.cgi). This affects systems running vulnerable versions of...

A low-privileged remote attacker can exploit a path traversal vulnerability in the wwupload.cgi endpoint to write arbitrary files on affected systems. This can lead to complete system compromise by ov...

This vulnerability allows network traffic to bypass intended filtering rules when administrators configure an empty pass filter table in UBR systems. Administrators who rely on this configuration to b...

This vulnerability allows low-privileged remote attackers to access sensitive administrative resources through the wwwdnload.cgi endpoint. Attackers can download system backups, certificate request fi...

CVE-2025-41754 allows low-privileged remote attackers to read arbitrary files on affected systems by exploiting an undocumented API endpoint (ubr-editfile method in wwwubr.cgi). This affects systems r...