CVE-2025-41758 PUBLISHED

Arbitrary Write with wwwupload.cgi

Assigner: CERTVDE
Reserved: 16.04.2025 Published: 09.03.2026 Updated: 09.03.2026

A low-privileged remote attacker can exploit an arbitrary file write vulnerability in the wwupload.cgi endpoint. Due to path traversal this can lead to overwriting arbitrary files on the device and achieving a full system compromise.

Metrics

CVSS 3.1

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVSS Score: 8.8

Attack Vector	Network	Scope	Unchanged
Attack Complexity	Low	Confidentiality Impact	High
Privileges Required	Low	Integrity Impact	High
User Interaction	None	Availability Impact	High

CVSS 3.1

Product Status

Vendor	MBS
Product	UBR-01 Mk II
Versions	Default: unaffected affected from 0.0.0 to 6.0.1.0 (excl.)

Vendor	MBS
Product	UBR-02
Versions	Default: unaffected affected from 0.0.0 to 6.0.1.0 (excl.)

Vendor	MBS
Product	UBR-LON
Versions	Default: unaffected affected from 0.0.0 to 6.0.1.0 (excl.)

Credits

Adrien Rey from Cyber Defense Campus Zurich finder
Daniel Hulliger from Armasuisse finder

References

https://www.mbs-solutions.de/mbs-2025-0001

Problem Types

CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') CWE