Due to insufficient authorization enforcement, an unauthorized remote attacker can exploit the wwwupload.cgi endpoint to upload and apply arbitrary data. This includes, but is not limited to, contact images, HTTPS certificates, system backups for restoration, server peer configurations, and BACnet/SC server certificates and keys.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:HMbs Solutions Ubr 01 Mk Ii
HWMbs-Solutionswszystkie wersjeMbs Solutions Ubr 02
HWMbs-Solutionswszystkie wersjeMbs Solutions Ubr Lon
HWMbs-Solutionswszystkie wersjeMbs Solutions Universal Bacnet Router Firmware
OSMbs-Solutions< 6.0.1.0
Related vulnerabilities
Brak autoryzacji w MBS-Solutions Universal BACnet Router — upload firmware
A low-privileged remote attacker can exploit the ubr-editfile method in wwwubr.cgi, an undocumented and unused...
A low-privileged remote attacker can abuse the backup restore functionality of UBR (ubr-restore) which runs wi...
A low-privileged remote attacker can exploit an arbitrary file write vulnerability in the wwupload.cgi endpoin...
A low‑privileged local attacker who gains access to the UBR service account (e.g., via SSH) can escalate privi...