Vulnerabilities
Vulnerable Software
Mbs-Solutions:  Security Vulnerabilities
A low-privileged remote attacker can exploit the ubr-logread method in wwwubr.cgi to read arbitrary files on the system. The endpoint accepts a parameter specifying the log file to open (e.g., /tmp/weblog{some_number}), but this parameter is not properly validated, allowing an attacker to modify it to reference any file and retrieve its contents.
CVSS Score
6.5
EPSS Score
0.005
Published
2026-03-09
A low-privileged remote attacker can exploit the ubr-editfile method in wwwubr.cgi, an undocumented and unused API endpoint to write arbitrary files on the system.
CVSS Score
8.1
EPSS Score
0.003
Published
2026-03-09
A low-privileged remote attacker can abuse the backup restore functionality of UBR (ubr-restore) which runs with elevated privileges and does not validate the contents of the backup archive to create or overwrite arbitrary files anywhere on the system.
CVSS Score
8.8
EPSS Score
0.005
Published
2026-03-09
A low-privileged remote attacker can exploit an arbitrary file write vulnerability in the wwupload.cgi endpoint. Due to path traversal this can lead to overwriting arbitrary files on the device and achieving a full system compromise.
CVSS Score
8.8
EPSS Score
0.005
Published
2026-03-09
An administrator may attempt to block all networks by specifying "\*" or "all" as the network identifier. However, these values are not supported and do not trigger any validation error. Instead, they are silently interpreted as network 0 which results in no networks being blocked at all.
CVSS Score
4.9
EPSS Score
0.003
Published
2026-03-09
A low-privileged remote attacker can exploit the ubr-editfile method in wwwubr.cgi, an undocumented and unused API endpoint to read arbitrary files on the system.
CVSS Score
6.5
EPSS Score
0.003
Published
2026-03-09


Contact Us

Shodan ® - All rights reserved