CVE-2026-35075

9.8 CRITICAL

An unauthenticated remote attacker can recover a default, hard coded password from a firmware image and thus gain full access to all affe...

Published: 2026-06-03 · Last updated: 2026-06-08

Severity and scoring

CVSS: 9.8 CRITICAL
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CWE: CWE-1393

Affected products

Vendor	Product
mbs-solutions	universal_gateway_firmware

Description

An unauthenticated remote attacker can recover a default, hard coded password from a firmware image and thus gain full access to all affected devices.

Source: NVD

References

[NVD]https://nvd.nist.gov/vuln/detail/CVE-2026-35075
[Vendor advisory]https://www.certvde.com/en/advisories/VDE-2026-039/

Related CVEs

Same vendor

CVE-2026-35085 — A remote attacker with user privileges can exploit a stack buffer overflow in gdv-serverconfig to gain full system access as root (8.8 HIGH)
CVE-2026-35084 — A remote attacker with user privileges can exploit a stack buffer overflow in dali-devconfig to gain full system access as root (8.8 HIGH)
CVE-2026-35083 — A remote attacker with user privileges can exploit a stack buffer overflow to gain full system access as root (8.8 HIGH)
CVE-2026-35082 — The ugw-logread method allows a remote attacker with user privileges to access arbitrary local files due to insufficient validation of us... (8.8 HIGH)
CVE-2026-35081 — The ugw-logstop method allows a remote attacker with user privileges to terminate arbitrary processes due to insufficient validation of u... (8.1 HIGH)

Same CWE

CVE-2026-8672 — Use of default password vulnerability in syslink software AG Avantra on Linux, Windows allows Try Common or Default Usernames and Passwords (5.1 MEDIUM)