Threat Advisory

MBS Universal Gateway Vulnerability Exposes Networks

Threat: Vulnerability
Targeted Region: Global
Targeted Sector: Technology & IT, Critical Infrastructure
Criticality: High
[subscribe_to_unlock_form]

EXECUTIVE SUMMARY:

Multiple security vulnerabilities have been identified in MBS Universal Gateway appliances running firmware version V6_0_0_5 and earlier. The flaws span stack buffer overflows, authentication bypass, privilege escalation, remote code execution, and arbitrary file deletion within the web GUI and configuration utilities. Exploitation can allow unauthenticated attackers to recover hard‑coded credentials, execute code with root privileges, and disrupt building‑automation services. For organizations that rely on these gateways to protect smart‑building networks, compromised devices could enable full network takeover, data exfiltration, and prolonged operational downtime, posing significant financial and reputational risk.[/subscribe_to_unlock_form]

EXECUTIVE SUMMARY:

Multiple security vulnerabilities have been identified in MBS Universal Gateway appliances running firmware version V6_0_0_5 and earlier. The flaws span stack buffer overflows, authentication bypass, privilege escalation, remote code execution, and arbitrary file deletion within the web GUI and configuration utilities. Exploitation can allow unauthenticated attackers to recover hard‑coded credentials, execute code with root privileges, and disrupt building‑automation services. For organizations that rely on these gateways to protect smart‑building networks, compromised devices could enable full network takeover, data exfiltration, and prolonged operational downtime, posing significant financial and reputational risk.[emaillocker id="1283"]

  • CVE-2026-35075 with a CVSS score of 9.8 – A hard‑coded default password is stored in the firmware image, allowing an unauthenticated remote attacker to retrieve the secret and gain full administrative access to the device.
    • CVE-2026-35085 with a CVSS score of 8.8 – A stack buffer overflow in the gdv‑serverconfig endpoint can be triggered by sending specially crafted data, enabling a low‑privilege remote attacker to execute arbitrary code as root.
    • CVE-2026-35084 with a CVSS score of 8.8 – Similar overflow in the dali‑devconfig module permits remote exploitation, granting attacker root control after overflow manipulation.
    • CVE-2026-35083 with a CVSS score of 8.8 – This flaw combines a stack overflow with a path traversal that lets an attacker read confidential log files and then escalate to full system compromise.

The concentration of high‑severity flaws across the gateway firmware creates an urgent threat that could be weaponized by adversaries to seize control of building‑automation infrastructure. If exploited, organizations face complete loss of network segmentation, potential data breaches, and costly service interruptions that directly impact operational continuity and brand trust.

RECOMMENDATION:

  • We recommend you to update MBS Universal Gateway to version V6_0_0_7.

REFERENCES:

The following reports contain further technical details:
https://securityonline.info/mbs-universal-gateway-flaws/

[/emaillocker]
crossmenu