Mbs-solutions Vulnerabilities
Comprehensive security vulnerability database for Mbs-solutions products
7
2
3
15
Severity Distribution
| Description | Vendor / Product | Exploit Status | |||
|---|---|---|---|---|---|
| CVE-2025-41772 | 7.5 | An attacker can steal valid session tokens from the universal BACnet router firmware because these tokens are visible in the web address used to access the device's update page. This can be done remotely and without needing to log in, making it easy for anyone to exploit if they know the URL. | mbs-solutionsuniversal bacnet router firmware | Exploit Available | 30 days agoMar 9, 2026 |
| CVE-2025-41767 | 7.2 | An attacker can take complete control of the universal BACnet router by exploiting a flaw in its web interface that allows them to bypass security checks when updating the device. This can be done remotely, meaning the attacker doesn't need physical access to the device, making it a serious risk. | mbs-solutionsuniversal bacnet router firmware | Theoretical | 30 days agoMar 9, 2026 |
| CVE-2025-41766 | 8.8 | This vulnerability allows a low-privileged remote attacker to take complete control of a device by sending a specially crafted HTTP POST request. The attacker only needs network access to the device to exploit this weakness, making it a serious risk for systems using this firmware. | mbs-solutionsuniversal bacnet router firmware | Theoretical | 30 days agoMar 9, 2026 |
| CVE-2025-41761 | 7.8 | This vulnerability allows a low-privileged attacker who can access the UBR service account to gain full control of the system by using certain commands with elevated permissions. The attacker typically needs to access the system through methods like SSH to exploit this weakness. | mbs-solutionsuniversal bacnet router firmware | Theoretical | 30 days agoMar 9, 2026 |
| CVE-2025-41758 | 8.8 | This vulnerability allows a remote attacker with low privileges to overwrite any file on the device, potentially taking full control of the system. It exploits a flaw in the wwupload.cgi endpoint, which means the attacker can manipulate file paths to access and change critical files. | mbs-solutionsuniversal bacnet router firmware | Theoretical | 30 days agoMar 9, 2026 |
| CVE-2025-41757 | 8.8 | An attacker with low-level access can exploit a flaw in the backup restore feature of the universal BACnet router firmware to create or overwrite any files on the system, potentially taking full control. This can happen without proper checks on the backup files, making it easy for the attacker to manipulate the system. | mbs-solutionsuniversal bacnet router firmware | Theoretical | 30 days agoMar 9, 2026 |
| CVE-2025-41756 | 8.1 | A low-level attacker can use a hidden API to write any file they want on the system, potentially allowing them to take control or disrupt operations. This vulnerability can be exploited remotely without needing special access, making it particularly dangerous. | mbs-solutionsuniversal bacnet router firmware | Theoretical | 30 days agoMar 9, 2026 |
About Mbs-solutions Security
This page tracks all publicly disclosed security vulnerabilities (CVEs) affecting Mbs-solutions products. Our database is updated in real-time from the National Vulnerability Database (NVD) and enriched with exploit information from GitHub and other security research sources.
Each CVE listing includes CVSS severity scores, exploit availability status, AI-powered vulnerability summaries, and links to official patches and security advisories.