Monitor vulnerabilities like this one.
Sign up free to get alerted when software you use is affected.
4.9
Admin mistake can leave network vulnerable to all incoming connections
CVE-2025-41759
Summary
An administrator can accidentally disable network blocking, leaving the system open to all network traffic. This can be a serious security risk if not addressed. To prevent this, administrators should carefully review network configuration settings and ensure they are using valid network identifiers.
What to do
No fix is available yet. Check with your software vendor for updates.
Affected software
| Vendor | Product | Affected versions | Fix available |
|---|---|---|---|
| mbs-solutions | universal_bacnet_router_firmware | <= 6.0.1.0 | – |
Original title
An administrator may attempt to block all networks by specifying "\*" or "all" as the network identifier. However, these values are not supported and do not trigger any validation error. Instead, t...
Original description
An administrator may attempt to block all networks by specifying "\*" or "all" as the network identifier. However, these values are not supported and do not trigger any validation error. Instead, they are silently interpreted as network 0 which results in no networks being blocked at all.
nvd CVSS3.1
4.9
Vulnerability type
CWE-636
Published: 9 Mar 2026 · Updated: 13 Mar 2026 · First seen: 9 Mar 2026