MBS Universal BACnet Router Privilege Escalation Vulnerability

Vulnerability

A vulnerability exists in the MBS Universal BACnet Router's UBR service account, allowing low-privileged local attackers who gain access to the account (e.g., via SSH) to escalate privileges and obtain full system access. This issue arises because the service account can execute certain binaries, such as tcpdump and ip, with sudo privileges. Exploitation of this vulnerability could lead to unauthorized actions with elevated rights, potentially compromising the entire system.
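One way to check a sudoers policy for the condition described above is the audit below. It is an added example, not MBS or vendor code; the account names, paths and sample policy are constructed placeholders, and it handles only a simplified subset of sudoers syntax (command aliases, tags, continuation lines).

```python
import re

# Binaries the advisory names as runnable via sudo by the service account.
WATCHLIST = {"tcpdump", "ip"}

# Constructed sample policy; account names and paths are placeholders.
SAMPLE_SUDOERS = """\
Cmnd_Alias NETTOOLS = /usr/sbin/tcpdump, /sbin/ip
Defaults env_reset
root ALL=(ALL:ALL) ALL
svc_account ALL=(root) NOPASSWD: NETTOOLS, /bin/systemctl status app
operator ALL=(root) /usr/bin/uptime
"""

ALIAS = re.compile(r"^Cmnd_Alias\s+(\w+)\s*=\s*(.*)$")
RULE = re.compile(r"^(\S+)\s+[^\s=]+\s*=\s*(?:\([^)]*\)\s*)?(.*)$")
TAG = re.compile(r"^(?:[A-Z_]+:\s*)+")  # NOPASSWD:, SETENV:, ...
SKIP = ("Defaults", "Cmnd_Alias", "User_Alias", "Host_Alias", "Runas_Alias")


def audit_sudoers(text):
    """Return sorted (user, command) pairs that let a non-root user run a
    watchlisted binary (or ALL) through sudo. Simplified sudoers subset."""
    # Join backslash-continued lines, drop blanks and comment lines.
    lines = [l.strip() for l in text.replace("\\\n", " ").splitlines()]
    lines = [l for l in lines if l and not l.startswith("#")]

    # Pass 1: collect command aliases (they may be defined after use).
    aliases = {}
    for line in lines:
        m = ALIAS.match(line)
        if m:
            aliases[m.group(1)] = [c.strip() for c in m.group(2).split(",")]

    # Pass 2: expand each user rule and compare binaries to the watchlist.
    findings = set()
    for line in lines:
        m = RULE.match(line)
        if not m or line.startswith(SKIP) or m.group(1) == "root":
            continue
        for spec in m.group(2).split(","):
            spec = TAG.sub("", spec.strip())
            for cmd in aliases.get(spec, [spec]):
                binary = cmd.split()[0].rsplit("/", 1)[-1] if cmd else ""
                if cmd == "ALL" or binary in WATCHLIST:
                    findings.add((m.group(1), cmd))
    return sorted(findings)
```

Run it over the combined contents of the sudoers file and any included drop-in files; any pair it returns for a service account is a sudo grant to review.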

Impact

Exploitation of this vulnerability allows for unauthorized privilege escalation, giving an attacker full access to the system.

Remediation

Users are advised to update to the latest UBR firmware version 6.0.1.0, which addresses this vulnerability.

Added: Mar 9, 2026, 9:25 AM
Updated: Mar 9, 2026, 9:25 AM

Vulnerability Rating

Custom Algorithm

spread: 0.0
impact: 7.5
exploitability: 3.3
remediation: 0.0
relevance: 3.9
threat: 0.0
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.