Mbs-Solutions: >> Ubr-01 Mk Ii Security Vulnerabilities
A low-privileged remote attacker can exploit the ubr-editfile method in wwwubr.cgi, an undocumented and unused API endpoint to write arbitrary files on the system.
CVSS Score
8.1
EPSS Score
0.001
Published
2026-03-09
A low-privileged remote attacker can abuse the backup restore functionality of UBR (ubr-restore) which runs with elevated privileges and does not validate the contents of the backup archive to create or overwrite arbitrary files anywhere on the system.
CVSS Score
8.8
EPSS Score
0.002
Published
2026-03-09
A low-privileged remote attacker can exploit an arbitrary file write vulnerability in the wwupload.cgi endpoint. Due to path traversal this can lead to overwriting arbitrary files on the device and achieving a full system compromise.
CVSS Score
8.8
EPSS Score
0.002
Published
2026-03-09
An administrator may attempt to block all networks by specifying "\*" or "all" as the network identifier. However, these values are not supported and do not trigger any validation error. Instead, they are silently interpreted as network 0 which results in no networks being blocked at all.
CVSS Score
4.9
EPSS Score
0.0
Published
2026-03-09
A low-privileged remote attacker can exploit the ubr-editfile method in wwwubr.cgi, an undocumented and unused API endpoint to read arbitrary files on the system.
CVSS Score
6.5
EPSS Score
0.0
Published
2026-03-09
Page 2