CVE-2025-41763
MEDIUMwwwdnload.cgi - Info Disclosure
Title source: llmDescription
A low‑privileged remote attacker can directly interact with the wwwdnload.cgi endpoint to download any resource available to administrators, including system backups and certificate request files.
References (1)
Scores
CVSS v3
6.5
EPSS
0.0001
EPSS Percentile
2.1%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Details
CWE
CWE-497
Status
published
Products (1)
mbs-solutions/universal_bacnet_router_firmware
< 6.0.1.0
Published
Mar 09, 2026
Tracked Since
Mar 09, 2026