URGENT: High-Risk Update Signature Bypass in UBR Web Interface

Monitor vulnerabilities like this one. Sign up free to get alerted when software you use is affected.

7.2

URGENT: High-Risk Update Signature Bypass in UBR Web Interface

CVE-2025-41767

Summary

Attackers with high-level access can take control of the device by exploiting a weakness in the way it checks software updates. This could allow them to make unauthorized changes to the device. It's essential to update the device immediately to fix this vulnerability.

What to do

No fix is available yet. Check with your software vendor for updates.

Affected software

Vendor	Product	Affected versions	Fix available
mbs-solutions	universal_bacnet_router_firmware	<= 6.0.1.0	–

Original title

A high-privileged remote attacker can fully compromise the device by abusing an update signature bypass vulnerability in the wwwupdate.cgi method in the web interface of UBR.

Original description

A high-privileged remote attacker can fully compromise the device by abusing an update signature bypass vulnerability in the wwwupdate.cgi method in the web interface of UBR.

nvd CVSS3.1 7.2

Vulnerability type

CWE-347 Improper Verification of Cryptographic Signature

https://www.mbs-solutions.de/mbs-2025-0001

Published: 9 Mar 2026 · Updated: 13 Mar 2026 · First seen: 9 Mar 2026