CVE-2026-35083
Description
A stack buffer overflow in MBS Universal Gateways (UGW) web GUI allows a privileged attacker to gain root access.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
A stack buffer overflow in MBS Universal Gateways (UGW) web GUI allows a privileged attacker to gain root access.
Vulnerability
Multiple stack-based buffer overflows exist in the web GUI of MBS Universal Gateways (UGW-A-Series, UGW-X-Series) due to insufficient input validation and lack of bounds checking in several CGI methods. These vulnerabilities affect version V6_0_0_5 and earlier [1].
Exploitation
A remote attacker with user privileges can exploit these stack buffer overflows. The attacker needs to be authenticated to the web GUI and trigger the vulnerable CGI methods with crafted input to overwrite buffer boundaries.
Impact
Successful exploitation of the stack buffer overflows allows an attacker to execute arbitrary code with root privileges, leading to a full system compromise. This could result in unauthorized access and control over the building automation devices managed by the gateway [1].
Mitigation
Version V6_0_0_5 and earlier are affected. A fixed version is not yet disclosed in the available references. Users are advised to consult the vendor for specific patch information or potential workarounds [1].
AI Insight generated on Jun 3, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Patches
0No patches discovered yet.
Vulnerability mechanics
No source-code context for this CVE — mechanics is only generated when we can read the actual fix diff. Without that, the four sections (root cause, attack vector, affected code, fix) would be speculation rather than analysis.
References
1News mentions
0No linked articles in our index yet.