CVE-2025-41766 PUBLISHED

Stack buffer overflow on parsing web request

Assigner: CERTVDE
Reserved: 16.04.2025 Published: 09.03.2026 Updated: 09.03.2026

A low-privileged remote attacker can trigger a stack-based buffer overflow via a crafted HTTP POST request using the ubr-network method resulting in full device compromise.

Metrics

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVSS Score: 8.8

Product Status

Vendor MBS
Product UBR-01 Mk II
Versions Default: unaffected
  • affected from 0.0.0 to 6.0.1.0 (excl.)
Vendor MBS
Product UBR-02
Versions Default: unaffected
  • affected from 0.0.0 to 6.0.1.0 (excl.)
Vendor MBS
Product UBR-LON
Versions Default: unaffected
  • affected from 0.0.0 to 6.0.1.0 (excl.)

Credits

  • Adrien Rey from Cyber Defense Campus Zurich finder
  • Daniel Hulliger from Armasuisse finder

References

Problem Types

  • CWE-787 Out-of-bounds Write CWE