MBS Universal BACnet Routers Unchecked Authorization Vulnerability in wwwupdate.cgi Endpoint Allowing Arbitrary Update Uploads

Vulnerability

A vulnerability exists in the MBS Universal BACnet Router's web interface, specifically within the wwwupdate.cgi endpoint. This issue arises from inadequate authorization checks, enabling unauthorized remote attackers to upload and apply arbitrary updates. The vulnerability affects both the 32 MB and 64 MB RAM versions of the router's firmware.

Impact

Exploitation of this vulnerability allows an attacker to upload and apply arbitrary updates, potentially introducing malicious code or overwriting existing files with harmful ones. An attacker could exploit this by uploading a previous update containing known vulnerabilities.

Remediation

Users are advised to update to the latest firmware version 6.0.1.0 for the Universal BACnet Router. For more details, please check the release notes on the MBS Solutions website.
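One way to watch for use of the update endpoint until the firmware is upgraded, as an added example that is not part of the original advisory or MBS code. It assumes access logs in Combined Log Format from a reverse proxy or web gateway in front of the router; the admin network, the URL paths and the sample log lines are constructed for illustration.

```python
import ipaddress
import re
from urllib.parse import unquote, urlsplit

ENDPOINT = "wwwupdate.cgi"  # endpoint named in the advisory
# Assumption: management hosts permitted to push updates (constructed value).
ADMIN_NETS = [ipaddress.ip_network("10.20.0.0/28")]

# Combined Log Format: host ident user [time] "METHOD target PROTO" status size ...
LINE_RE = re.compile(
    r'^(?P<src>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) '
)

def hits_endpoint(target: str) -> bool:
    """True if the percent-decoded request path ends in the update endpoint."""
    path = unquote(urlsplit(target).path).lower()
    return path.rsplit("/", 1)[-1] == ENDPOINT

def is_admin(src: str) -> bool:
    """True only for a literal IP address inside ADMIN_NETS."""
    try:
        addr = ipaddress.ip_address(src)
    except ValueError:
        return False  # hostname or malformed field: treat as untrusted
    return any(addr in net for net in ADMIN_NETS)

def find_suspect_requests(lines):
    """Return requests to the update endpoint that came from outside ADMIN_NETS."""
    alerts = []
    for line in lines:
        m = LINE_RE.match(line)
        if not m or not hits_endpoint(m["target"]) or is_admin(m["src"]):
            continue
        alerts.append({
            "src": m["src"], "time": m["time"], "method": m["method"],
            "status": int(m["status"]),
            # A 2xx status means the request from an outside host succeeded.
            "accepted": m["status"].startswith("2"),
        })
    return alerts

# Constructed sample log lines (not taken from a real device).
SAMPLE = [
    '10.20.0.5 - admin [09/Mar/2026:08:01:12 +0000] "POST /wwwupdate.cgi HTTP/1.1" 200 512 "-" "curl/8.5"',
    '192.0.2.44 - - [09/Mar/2026:08:14:03 +0000] "POST /wwwupdate.cgi HTTP/1.1" 200 498 "-" "-"',
    '192.0.2.44 - - [09/Mar/2026:08:14:09 +0000] "GET /index.html HTTP/1.1" 200 2210 "-" "-"',
    '198.51.100.7 - - [09/Mar/2026:09:30:41 +0000] "POST /%77wwupdate.cgi?x=1 HTTP/1.1" 401 0 "-" "-"',
]
```

Alerts with "accepted" set to True are the ones to investigate first, since they indicate the endpoint answered an outside host with success.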

Added: Mar 9, 2026, 9:24 AM
Updated: Mar 9, 2026, 9:24 AM

Vulnerability Rating

Custom Algorithm
spread: 0.0
impact: 7.5
exploitability: 5.2
remediation: 0.0
relevance: 3.7
threat: 0.0
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.