CVE-2025-41764
CRITICALwwwupdate.cgi - Auth Bypass
Title source: llmDescription
Due to insufficient authorization enforcement, an unauthorized remote attacker can exploit the wwwupdate.cgi endpoint to upload and apply arbitrary updates.
References (1)
Scores
CVSS v3
9.1
EPSS
0.0010
EPSS Percentile
28.0%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H
Classification
CWE
CWE-862
Status
draft
Timeline
Published
Mar 09, 2026
Tracked Since
Mar 09, 2026