Critical flaws in MBS GmbH gateway let attackers gain root access

THE content outlines critical software vulnerabilities found in MBS GmbH's industrial communication appliances, specifically in their Universal Gateway firmware versions V6_0_0_5 and earlier. Key vulnerabilities include CVE-2026-35075, which involves insecure default passwords allowing unauthorized administrative access, and multiple stack buffer overflow vulnerabilities (CVE-2026-35083, CVE-2026-35084, CVE-2026-35085) exposing systems to root access through configuration utilities.

Additionally, risks associated with arbitrary file deletion and improper user parameter validation were highlighted. Immediate remediation is advised by updating systems to firmware version V6_0_0_7 and monitoring configurations to safeguard against potential exploits.