CVE-2025-41764
CRITICALwwwupdate.cgi - Auth Bypass
Title source: llmDescription
Due to insufficient authorization enforcement, an unauthorized remote attacker can exploit the wwwupdate.cgi endpoint to upload and apply arbitrary updates.
References (1)
Scores
CVSS v3
9.1
EPSS
0.0005
EPSS Percentile
14.0%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H
Details
CWE
CWE-862
Status
published
Products (1)
mbs-solutions/universal_bacnet_router_firmware
< 6.0.1.0
Published
Mar 09, 2026
Tracked Since
Mar 09, 2026