CVE-2025-41764
CRITICAL WAF: Low
CVSS 9.1
Published: 2026-03-09
CWE-862
Due to insufficient authorization enforcement, an unauthorized remote attacker can exploit the wwwupdate.cgi endpoint to upload and apply arbitrary updates.
WAF Coverage Analysis
Missing Authorization
Low WAF Coverage
OWASP: A01:2021 Broken Access Control
Affected Software
| Vendor | Product | Version |
|---|---|---|
| mbs-solutions | universal_bacnet_router_firmware | up to 6.0.1.0 |
References
- www.mbs-solutions.de (Vendor Advisory)