Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Signature bypass on update upload
Vulnerability Description
A high-privileged remote attacker can fully compromise the device by abusing an update signature bypass vulnerability in the wwwupdate.cgi method in the web interface of UBR.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Vulnerability Type
密码学签名的验证不恰当
Vulnerability Title
MBS多款产品 数据伪造问题漏洞
Vulnerability Description
MBS UBR-01 Mk II等都是德国MBS公司的产品。MBS UBR-01 Mk II是一款远程基站设备。MBS UBR-02是一款远程基站设备。MBS UBR-LON是一款工业自动化系统的通信接口设备。 MBS多款产品存在数据伪造问题漏洞,该漏洞源于高权限远程攻击者可利用web界面中wwwupdate.cgi方法的更新签名绕过漏洞,可能导致设备完全被控制。以下产品受到影响:MBS UBR-01 Mk II、MBS UBR-02和MBS UBR-LON。
CVSS Information
N/A
Vulnerability Type
N/A