MBS Universal BACnet Router Wildcard Network Block Vulnerability
Vulnerability
A vulnerability exists in the MBS Universal BACnet Router's web interface, specifically in the network blocking feature. Administrators may attempt to block all networks by using '*' or 'all' as the network identifier. However, these inputs are not supported and do not trigger any validation errors. Instead, they are silently converted to network 0, resulting in no networks being blocked. This issue affects both the 32 MB and 64 MB RAM versions of the router's firmware.
Impact
This vulnerability renders the network block list ineffective: because the wildcard entry blocks nothing, traffic passes through unimpeded, contrary to the administrator's intentions.
Remediation
Users are advised to update to the latest firmware version 6.0.1.0 for the Universal BACnet Router. This update addresses the vulnerability by correcting the network blocking functionality to properly validate and implement user inputs.
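The failure mode described above, as an added example (not the vendor's code): a lenient parser that turns '*' or 'all' into network 0 without an error, next to a strict parser that rejects them, plus a check for saved block lists. The function names are hypothetical, and the accepted range 1..65534 is an assumption taken from BACnet's reservation of 0 (local network) and 65535 (global broadcast).

```c
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>

/* Assumed valid range for a block-list entry: BACnet reserves 0 for the
   local network and 65535 for global broadcast. */
#define BACNET_NET_MIN 1L
#define BACNET_NET_MAX 65534L

/* Lenient parse (a model of the described flaw, not the router's code):
   atoi() returns 0 for "*" or "all" and reports no error. */
int parse_network_lenient(const char *s) {
    return atoi(s);
}

/* Strict parse: returns 0 and stores the number on success, -1 for any
   input that is not a plain decimal network number in range. */
int parse_network_strict(const char *s, unsigned *out) {
    char *end;
    long v;
    if (s == NULL || *s < '0' || *s > '9')  /* "", "*", "all", "-1", " 5" */
        return -1;
    errno = 0;
    v = strtol(s, &end, 10);
    if (errno != 0 || *end != '\0')         /* overflow or trailing junk */
        return -1;
    if (v < BACNET_NET_MIN || v > BACNET_NET_MAX)
        return -1;
    *out = (unsigned)v;
    return 0;
}

/* Audit helper: count saved entries the strict parser rejects. A stored
   "0" is the trace a silently converted wildcard leaves behind. */
int count_invalid_entries(const char *const *entries, size_t n) {
    int bad = 0;
    unsigned net;
    for (size_t i = 0; i < n; i++)
        if (parse_network_strict(entries[i], &net) != 0)
            bad++;
    return bad;
}

int main(void) {
    const char *const saved[] = {"0", "2001", "all"};  /* constructed sample */
    printf("lenient(\"*\") = %d\n", parse_network_lenient("*"));
    printf("invalid entries: %d\n", count_invalid_entries(saved, 3));
    return 0;
}
```

On a router still running older firmware, a block list containing network 0 is worth reviewing by hand, since it may be the remains of a wildcard entry.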
