CVE-2025-41765

The CVE-2025-41765 issue centers on an unchecked authorization enforcement in the wwwupload.cgi endpoint, enabling an unauthorized remote attacker to upload and apply arbitrary data. The known impact includes the ability to introduce contact images, HTTPS certificates, system backups for restorat...

CVE-2025-41765 Unchecked role in wwwupload.cgi

Due to insufficient authorization enforcement, an unauthorized remote attacker can exploit the wwwupload.cgi endpoint to upload and apply arbitrary data. This includes, but is not limited to, contact images, HTTPS certificates, system backups for restoration, server peer configurations, and...

CVE-2025-41764 Unchecked role in wwwupdate.cgi

Due to insufficient authorization enforcement, an unauthorized remote attacker can exploit the wwwupdate.cgi endpoint to upload and apply arbitrary updates...

CVE-2025-41764

CVE-2025-41764 : The connected documents confirm a vulnerability in the wwwupdate.cgi endpoint where insufficient authorization enforcement allows an unauthorized remote attacker to upload and apply arbitrary updates. CVSS‑3.1 metrics indicate a 9.1 (CRITICAL) base score, with Network attack vect...

CVE-2025-41763

CVE-2025-41763 : A low-privilege remote attacker can directly interact with the wwwdnload.cgi endpoint to download any resource available to administrators, including system backups and certificate request files. The entry provides CVSS 3.1 impact vector (AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N) with...

CVE-2025-41763 Unchecked role in wwwdnload.cgi

A low‑privileged remote attacker can directly interact with the wwwdnload.cgi endpoint to download any resource available to administrators, including system backups and certificate request files...