CVE-2025-41766

Stack buffer overflow on parsing web request

CVSS 8.8 HIGH | EPSS 0.5% | CWE-787
In short

A specially crafted HTTP request can cause the application to crash or allow an attacker to take over the device completely. This happens because the program doesn't properly check the size of data it receives before storing it in memory.

Technical detail

A stack-based buffer overflow (CWE-787) in the ubr-network method can be triggered by malicious HTTP POST requests from a remote, low-privileged attacker. The vulnerability results from insufficient input validation during request parsing and enables arbitrary code execution and full device compromise.

Summary generated and translated by AI from the official description.
A low-privileged remote attacker can trigger a stack-based buffer overflow via a crafted HTTP POST request using the ubr-network method resulting in full device compromise.
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
