CVE-2025-41762

MEDIUM

wwwdnload.cgi - Info Disclosure

Title source: llm

Description

An unauthenticated attacker can abuse the weak hash of the backup generated by the wwwdnload.cgi endpoint to gain unauthorized access to sensitive data, including password hashes and certificates.

References (1)

[Various Sources] https://www.mbs-solutions.de/mbs-2025-0001

Scores

CVSS v3 6.2

EPSS 0.0001

EPSS Percentile 0.5%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

Details

CWE

CWE-328

Status published

Products (1)

mbs-solutions/universal_bacnet_router_firmware < 6.0.1.0

Published Mar 09, 2026

Tracked Since Mar 09, 2026