26 matches found
CVE-2025-41764
Due to insufficient authorization enforcement, an unauthorized remote attacker can exploit the wwwupdate.cgi endpoint to upload and apply arbitrary updates...
EUVD-2025-208374
Due to insufficient authorization enforcement, an unauthorized remote attacker can exploit the wwwupdate.cgi endpoint to upload and apply arbitrary updates...
EUVD-2025-208380
A high-privileged remote attacker can fully compromise the device by abusing an update signature bypass vulnerability in the wwwupdate.cgi method in the web interface of UBR...
EUVD-2025-208375
Due to insufficient authorization enforcement, an unauthorized remote attacker can exploit the wwwupdate.cgi endpoint to upload and apply arbitrary updates...
EUVD-2025-208383
An unauthenticated remote attacker can obtain valid session tokens because they are exposed in plaintext within the URL parameters of the wwwupdate.cgi endpoint in UBR...
EUVD-2025-208381
A high-privileged remote attacker can fully compromise the device by abusing an update signature bypass vulnerability in the wwwupdate.cgi method in the web interface of UBR...
CVE-2025-41767
A high-privileged remote attacker can fully compromise the device by abusing an update signature bypass vulnerability in the wwwupdate.cgi method in the web interface of UBR...
CVE-2025-41772
An unauthenticated remote attacker can obtain valid session tokens because they are exposed in plaintext within the URL parameters of the wwwupdate.cgi endpoint in UBR...
CVE-2025-41772
An unauthenticated remote attacker can obtain valid session tokens because they are exposed in plaintext within the URL parameters of the wwwupdate.cgi endpoint in UBR...
CVE-2025-41764
Due to insufficient authorization enforcement, an unauthorized remote attacker can exploit the wwwupdate.cgi endpoint to upload and apply arbitrary updates...
CVE-2025-41764
Due to insufficient authorization enforcement, an unauthorized remote attacker can exploit the wwwupdate.cgi endpoint to upload and apply arbitrary updates...
CVE-2025-41772
An unauthenticated remote attacker can obtain valid session tokens because they are exposed in plaintext within the URL parameters of the wwwupdate.cgi endpoint in UBR...
CVE-2025-41772 wwwupdate.cgi Session token in URL
An unauthenticated remote attacker can obtain valid session tokens because they are exposed in plaintext within the URL parameters of the wwwupdate.cgi endpoint in UBR...
CVE-2025-41772 wwwupdate.cgi Session token in URL
An unauthenticated remote attacker can obtain valid session tokens because they are exposed in plaintext within the URL parameters of the wwwupdate.cgi endpoint in UBR...
CVE-2025-41772
The CVE-2025-41772 entry concerns the wwwupdate.cgi endpoint in UBR, where session tokens are exposed in plaintext in URL parameters. An unauthenticated remote attacker can obtain valid session tokens via the URL, enabling potential session hijacking. The connected CVE records confirm the vulnera...
CVE-2025-41767 Signature bypass on update upload
A high-privileged remote attacker can fully compromise the device by abusing an update signature bypass vulnerability in the wwwupdate.cgi method in the web interface of UBR...
CVE-2025-41767
A high-privileged remote attacker can fully compromise the device by abusing an update signature bypass vulnerability in the wwwupdate.cgi method in the web interface of UBR...
CVE-2025-41767 Signature bypass on update upload
A high-privileged remote attacker can fully compromise the device by abusing an update signature bypass vulnerability in the wwwupdate.cgi method in the web interface of UBR...
CVE-2025-41767
The CVE-2025-41767 entry describes a vulnerability in UBR where an update signature bypass in the web interface (wwwupdate.cgi) allows a high-privileged remote attacker to fully compromise the device. Affected component: the web interface update mechanism (wwwupdate.cgi) on UBR. Root cause: an up...
CVE-2025-41764
Due to insufficient authorization enforcement, an unauthorized remote attacker can exploit the wwwupdate.cgi endpoint to upload and apply arbitrary updates...