MBS Universal BACnet Router UBR Backup Restore Vulnerability Allowing Arbitrary File Overwrite
Vulnerability
A vulnerability exists in the backup restore functionality of the MBS Universal BACnet Router (UBR) firmware. This issue allows low-privileged remote attackers to overwrite or create arbitrary files on the system. The vulnerability arises because the restore function, which operates with elevated privileges, fails to validate the contents of the backup archive before applying it. As a result, attackers can exploit this oversight to manipulate files anywhere on the device.
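The missing validation step, as an added example that is not MBS firmware code or the vendor's fix: a restore routine inspects every archive member first and refuses the whole backup if any entry could land outside the expected locations. The tar format, the `ALLOWED_PREFIXES` values and the sample entries are assumptions constructed for illustration.

```python
import io
import posixpath
import tarfile

# Assumption: the only archive paths a backup may legitimately restore.
ALLOWED_PREFIXES = ("config/", "data/")


def validate_backup(archive_bytes):
    """Return (accepted, rejected-with-reasons); nothing is written to disk."""
    accepted, rejected = [], {}
    with tarfile.open(fileobj=io.BytesIO(archive_bytes), mode="r:*") as tar:
        for m in tar.getmembers():
            norm = posixpath.normpath(m.name)
            if m.name.startswith("/") or norm == ".." or norm.startswith("../"):
                rejected[m.name] = "escapes restore root"
            elif not (m.isfile() or m.isdir()):
                # Symlinks and hardlinks can redirect a later write elsewhere.
                rejected[m.name] = "link or special file"
            elif not (norm + "/").startswith(ALLOWED_PREFIXES):
                rejected[m.name] = "outside allowlist"
            else:
                accepted.append(norm)
    return accepted, rejected


def build_sample():
    """Constructed test archive: one legitimate entry, four that must fail."""
    entries = [
        ("config/net.conf", tarfile.REGTYPE, b"dhcp=on\n"),
        ("../outside.txt", tarfile.REGTYPE, b"x"),
        ("/abs/file.txt", tarfile.REGTYPE, b"x"),
        ("config/link", tarfile.SYMTYPE, b"/elsewhere"),
        ("scripts/start.sh", tarfile.REGTYPE, b"x"),
    ]
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w") as tar:
        for name, kind, data in entries:
            info = tarfile.TarInfo(name)
            info.type = kind
            if kind == tarfile.SYMTYPE:
                info.linkname = data.decode()
            else:
                info.size = len(data)
            tar.addfile(info, io.BytesIO(data) if info.size else None)
    return buf.getvalue()
```

A restore routine built on this check would extract only when the rejected map is empty, and would ideally run the extraction itself with the least privilege that the allowlisted paths require.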
Impact
Exploitation of this vulnerability gives attackers full control over the file system. They can overwrite any file, replace existing scripts with malicious ones that will later be executed, change passwords for the web interface and SSH accounts, modify configuration files, and alter network filters.
Remediation
Users are advised to update to the new UBR firmware version 6.0.1.0, which addresses this vulnerability. For more details, please check the release notes on the MBS Solutions website.
