CVE-2025-41765

Unknown (Building Automation/BACnet) · wwwupload.cgi Service

Insufficient authorization in the wwwupload.cgi endpoint allows unauthenticated attackers to upload arbitrary data, including system backups, HTTPS certificates, and BACnet/SC keys.

Executive summary

Unauthenticated remote attackers can compromise sensitive system data and cryptographic keys by exploiting an authorization bypass in the wwwupload.cgi service.

Vulnerability

The wwwupload.cgi endpoint fails to enforce authorization, allowing an unauthenticated remote attacker to upload and overwrite critical files. This includes contact images, HTTPS certificates, system backups, and highly sensitive BACnet/SC server certificates and keys.

Business impact

The compromise of BACnet/SC certificates and system backups allows an attacker to decrypt secure communications and gain deep access to building automation networks. With a CVSS score of 9.1, this vulnerability poses a significant risk of data exfiltration and unauthorized system restoration, potentially leading to a total breach of the facility's security infrastructure.

Remediation

Immediate Action: Apply the vendor's latest security patches so that all CGI upload functions require strict authentication and authorization.

Proactive Monitoring: Audit the filesystem for unauthorized certificate changes or unexpected backup restoration events, and monitor logs for unauthenticated access to the /wwwupload.cgi path.

Compensating Controls: Implement certificate pinning where possible and use network segmentation to isolate the building automation system (BAS) from the corporate network and the internet.
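For the log monitoring recommended under Proactive Monitoring, the following is an added example, not vendor code or part of the original advisory. It assumes the device or a reverse proxy in front of it writes Combined Log Format access logs, that an authenticated session appears in the remote-user field, and that `10.20.0.0/28` is the management network; `find_suspicious`, `is_upload_path` and the sample lines are constructed for illustration.

```python
import ipaddress
import re
from collections import defaultdict
from urllib.parse import unquote

# Assumed format: host ident user [time] "METHOD target PROTO" status size ...
LOG_RE = re.compile(
    r'^(?P<host>\S+) \S+ (?P<user>\S+) \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+)[^"]*" (?P<status>\d{3}) '
)
# Assumption: only these hosts should ever reach the BAS web interface.
MGMT_NET = ipaddress.ip_network("10.20.0.0/28")

def is_upload_path(target):
    """True when the decoded, lower-cased path (no query) is wwwupload.cgi."""
    path = unquote(target.split("?", 1)[0]).lower()
    return path.rstrip("/").endswith("/wwwupload.cgi")

def find_suspicious(lines):
    """Return {source: [event, ...]} for upload requests that need review."""
    hits = defaultdict(list)
    for line in lines:
        m = LOG_RE.match(line)
        if not m or not is_upload_path(m["target"]):
            continue
        reasons = []
        if m["user"] == "-":
            reasons.append("no authenticated user")
        try:
            if ipaddress.ip_address(m["host"]) not in MGMT_NET:
                reasons.append("source outside management network")
        except ValueError:  # hostname or garbage in the host field
            reasons.append("unparseable source address")
        if reasons:
            hits[m["host"]].append(
                f'{m["time"]} {m["method"]} status={m["status"]} '
                f'{"ACCEPTED" if m["status"][0] == "2" else "rejected"}: '
                + ", ".join(reasons))
    return dict(hits)

# Constructed sample log lines (documentation addresses, not real traffic).
SAMPLE = [
    '10.20.0.5 - operator [12/Mar/2025:08:01:12 +0000] "POST /wwwupload.cgi HTTP/1.1" 200 312 "-" "Mozilla/5.0"',
    '198.51.100.23 - - [12/Mar/2025:09:14:40 +0000] "POST /wwwupload.cgi HTTP/1.1" 200 98 "-" "curl/8.5.0"',
    '198.51.100.23 - - [12/Mar/2025:09:14:44 +0000] "POST /%77wwupload.cgi HTTP/1.1" 200 98 "-" "curl/8.5.0"',
    '10.20.0.9 - - [12/Mar/2025:10:02:03 +0000] "POST /wwwupload.cgi HTTP/1.1" 401 0 "-" "-"',
]

if __name__ == "__main__":
    for src, events in find_suspicious(SAMPLE).items():
        print(src, *events, sep="\n  ")
```

Events marked ACCEPTED are the ones to correlate with the filesystem audit, since a 2xx response means the upload was processed.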

Exploitation status

Public Exploit Available: false

Analyst recommendation

The exposure of cryptographic keys and system backups to unauthenticated users is a critical security flaw. Immediate remediation via firmware updates is required to protect the integrity of the building automation environment and prevent unauthorized lateral movement.