Universal bacnet router firmware Vulnerabilities

This vulnerability allows a low-privileged remote attacker to download sensitive files, such as system backups and certificate requests, from the device. The attacker can exploit this by accessing a specific web endpoint without needing high-level permissions.

An attacker can exploit a weakness in the backup process of the universal BACnet router firmware to access sensitive information, such as password hashes and certificates, without needing to log in. This vulnerability occurs because the backup files are protected by a weak hash, making it easier for unauthorized users to retrieve the data.

This vulnerability allows an attacker to bypass security measures by sending any network traffic through the universal BACnet router, even if an administrator tries to block it with an empty filter list. The issue arises because the router does not enforce restrictions when the filter is empty, meaning no special conditions are needed for an attacker to exploit this flaw.

This vulnerability allows an attacker to bypass network blocking controls by using unsupported identifiers like "*" or "all," which are incorrectly interpreted as allowing all networks instead of blocking them. For this to happen, an administrator must mistakenly configure the router with these values, thinking they are securing the network.

An attacker can remotely read any file on the system by exploiting a flaw in the universal BACnet router firmware, as the software does not properly check the file names provided by the attacker. This requires the attacker to have low-level access, but they can manipulate a specific method to access sensitive information stored in files.

This vulnerability allows a low-privileged remote attacker to read any file on the system by exploiting an unused API endpoint in the firmware of the universal BACnet router. The attacker only needs access to this specific method, which is not properly documented or secured.