2026-03-09 08:18:49
CERTVDE
PUBLISHED
An unauthenticated remote attacker can obtain valid session tokens because they are exposed in plaintext within the URL parameters of the wwwupdate.cgi endpoint in UBR.