CVE-2025-41762 identifies a vulnerability in the MBS UBR-01 Mk II device related to the use of a weak cryptographic hash function (CWE-328) in the backup files generated by the wwwdnload.cgi endpoint. This endpoint produces backup data that includes sensitive information such as password hashes and certificates. Due to the weak hash algorithm, an unauthenticated attacker can exploit this flaw to gain unauthorized access to these sensitive data elements. The vulnerability does not require any authentication or user interaction, making it easier to exploit remotely if the endpoint is accessible. The weakness lies specifically in the cryptographic strength of the hash used to protect backup data integrity or confidentiality, which can be bypassed or reversed, exposing critical credentials and certificates. Although the vulnerability does not affect the integrity or availability of the device, the confidentiality breach can lead to further attacks, including credential theft and unauthorized system access. The CVSS 3.1 vector (AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N) indicates that the attack requires local access but no privileges or user interaction, with a high impact on confidentiality. No patches have been published yet, and no exploits are known in the wild. Organizations using this device should be aware of the risk and prepare to apply fixes once available.

The primary impact of CVE-2025-41762 is the compromise of confidentiality due to exposure of password hashes and certificates contained in backup files. Attackers gaining access to these credentials can potentially escalate privileges, impersonate users, or decrypt communications secured by the compromised certificates. While the vulnerability does not directly affect system integrity or availability, the stolen credentials can facilitate further attacks, including lateral movement within networks or persistent unauthorized access. Organizations relying on MBS UBR-01 Mk II devices for critical infrastructure or sensitive data management face increased risk of data breaches and operational disruption if attackers exploit this vulnerability. The requirement for local access limits remote exploitation but does not eliminate risk, especially in environments where physical or network access to the device is possible. The absence of known exploits in the wild currently reduces immediate threat but does not preclude future exploitation.

1. Restrict access to the wwwdnload.cgi endpoint by implementing strict network segmentation and access control lists to limit local access only to trusted administrators. 2. Monitor and log all access attempts to the backup endpoint to detect suspicious activity early. 3. Replace the weak hash algorithm used in backup generation with a strong, cryptographically secure hash function such as SHA-256 or better. 4. Apply vendor patches or firmware updates as soon as they become available to address the weak hash vulnerability. 5. If patches are not yet available, consider disabling the backup functionality or the vulnerable endpoint temporarily if operationally feasible. 6. Regularly audit backup files for unauthorized access or tampering. 7. Educate administrators on the risks of weak cryptographic protections and enforce strong credential management policies. 8. Employ multi-factor authentication and physical security controls to reduce the risk of unauthorized local access.