Monitor vulnerabilities like this one.
Sign up free to get alerted when software you use is affected.
4.9
UBR Pass Filter Empty Table Allows All Network Traffic
CVE-2025-41760
Summary
A configuration error in UBR can allow all network traffic to pass, bypassing intended security restrictions. This can lead to unauthorized access and data breaches. To mitigate this, ensure that pass filters are properly configured with valid rules.
What to do
No fix is available yet. Check with your software vendor for updates.
Affected software
| Vendor | Product | Affected versions | Fix available |
|---|---|---|---|
| mbs-solutions | universal_bacnet_router_firmware | <= 6.0.1.0 | – |
Original title
An administrator may attempt to block all traffic by configuring a pass filter with an empty table. However, in UBR, an empty list does not enforce any restrictions and allows all network traffic t...
Original description
An administrator may attempt to block all traffic by configuring a pass filter with an empty table. However, in UBR, an empty list does not enforce any restrictions and allows all network traffic to pass unfiltered.
nvd CVSS3.1
4.9
Vulnerability type
CWE-636
Published: 9 Mar 2026 · Updated: 13 Mar 2026 · First seen: 9 Mar 2026