Unsecured Backup on Apache Server Allows Unauthorized Access

Monitor vulnerabilities like this one. Sign up free to get alerted when software you use is affected.

6.2

Unsecured Backup on Apache Server Allows Unauthorized Access

CVE-2025-41762

Summary

The Apache server's backup feature stores sensitive data in an easily accessible location. This means a malicious attacker could potentially get unauthorized access to passwords and certificates stored on the server. To fix this, ensure the backup files are properly secured or the feature is disabled.

What to do

No fix is available yet. Check with your software vendor for updates.

Affected software

Vendor	Product	Affected versions	Fix available
mbs-solutions	universal_bacnet_router_firmware	<= 6.0.1.0	–

Original title

An unauthenticated attacker can abuse the weak hash of the backup generated by the wwwdnload.cgi endpoint to gain unauthorized access to sensitive data, including password hashes and certificates.

Original description

An unauthenticated attacker can abuse the weak hash of the backup generated by the wwwdnload.cgi endpoint to gain unauthorized access to sensitive data, including password hashes and certificates.

nvd CVSS3.1 6.2

Vulnerability type

CWE-328

https://www.mbs-solutions.de/mbs-2025-0001

Published: 9 Mar 2026 · Updated: 13 Mar 2026 · First seen: 9 Mar 2026