MBS Universal BACnet Router Backup Hash Vulnerability Allowing Unauthorized Data Access

Vulnerability

A vulnerability exists in the web interface of the MBS Universal BACnet Router, specifically in the backup feature accessed through the wwwdnload.cgi endpoint. An unauthenticated attacker can exploit the weak hashing method used in the backup files to access sensitive information such as password hashes and private certificates. All UBR firmware versions prior to 6.0.1.0 are affected.

Impact

Exploitation of this vulnerability leads to unauthorized access to sensitive information, including hashed passwords and private keys, which could be used to impersonate the device or escalate privileges on the web interface.

Remediation

Users are advised to update to the latest UBR firmware version 6.0.1.0, available on the MBS Firmware Update page.

Added: Mar 9, 2026, 9:24 AM
Updated: Mar 9, 2026, 9:24 AM

Vulnerability Rating

Custom Algorithm

spread: 0.0
impact: 2.5
exploitability: 7.4
remediation: 0.0
relevance: 3.7
threat: 0.0
urgency: 2.9
incentive: 4.2

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.