CVE-2025-41764

Due to insufficient authorization enforcement, an unauthorized remote attacker can exploit the wwwupdate.cgi endpoint to upload and apply arbitrary updates...

EUVD-2025-208375

Due to insufficient authorization enforcement, an unauthorized remote attacker can exploit the wwwupdate.cgi endpoint to upload and apply arbitrary updates...

CVE-2025-41764

Due to insufficient authorization enforcement, an unauthorized remote attacker can exploit the wwwupdate.cgi endpoint to upload and apply arbitrary updates...

CVE-2025-41772 wwwupdate.cgi Session token in URL

An unauthenticated remote attacker can obtain valid session tokens because they are exposed in plaintext within the URL parameters of the wwwupdate.cgi endpoint in UBR...

CVE-2025-41772

The CVE-2025-41772 entry concerns the wwwupdate.cgi endpoint in UBR, where session tokens are exposed in plaintext in URL parameters. An unauthenticated remote attacker can obtain valid session tokens via the URL, enabling potential session hijacking. The connected CVE records confirm the vulnera...

CVE-2025-41764

Due to insufficient authorization enforcement, an unauthorized remote attacker can exploit the wwwupdate.cgi endpoint to upload and apply arbitrary updates...

CVE-2025-41764 Unchecked role in wwwupdate.cgi

Due to insufficient authorization enforcement, an unauthorized remote attacker can exploit the wwwupdate.cgi endpoint to upload and apply arbitrary updates...

PT-2026-24034

Name of the Vulnerable Software and Affected Versions versions prior to 2025-41764 Description Insufficient authorization enforcement allows a remote attacker to upload and apply arbitrary updates by exploiting the wwwupdate.cgi API endpoint. The wwwupdate.cgi endpoint lacks proper access control...