Mbs Double-x M-bus
11 CVEs affecting Mbs Double-x M-bus. Latest disclosed: 2026-06-03. Critical: 1, High: 10.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
CVE-2026-35075 | Critical | 9.8 | 2026-06-03 | An unauthenticated remote attacker can recover a default, hard coded password from a firmware image and thus gain full access to all affected devices. |
CVE-2026-35085 | High | 8.8 | 2026-06-03 | A remote attacker with user privileges can exploit a stack buffer overflow in gdv-serverconfig to gain full system access as root. |
CVE-2026-35084 | High | 8.8 | 2026-06-03 | A remote attacker with user privileges can exploit a stack buffer overflow in dali-devconfig to gain full system access as root. |
CVE-2026-35083 | High | 8.8 | 2026-06-03 | A remote attacker with user privileges can exploit a stack buffer overflow to gain full system access as root. |
CVE-2026-35082 | High | 8.8 | 2026-06-03 | The ugw-logread method allows a remote attacker with user privileges to access arbitrary local files due to insufficient validation of user-supplied input. |
CVE-2026-35081 | High | 8.1 | 2026-06-03 | The ugw-logstop method allows a remote attacker with user privileges to terminate arbitrary processes due to insufficient validation of user-supplied input. |
CVE-2026-35080 | High | 8.1 | 2026-06-03 | The ugw-restoreinfo method allows a remote attacker with user privileges to delete arbitrary local files due to insufficient validation of user-controlled inpu… |
CVE-2026-35079 | High | 8.1 | 2026-06-03 | The ugw-restore method allows a remote attacker with user privileges to delete arbitrary local files due to insufficient validation of user-controlled input. |
CVE-2026-35078 | High | 8.1 | 2026-06-03 | The ugw-logstop method allows a remote attacker with user privileges to delete arbitrary local files due to insufficient validation of user-controlled input. |
CVE-2026-35077 | High | 8.1 | 2026-06-03 | The ugw-delete-file method allows a remote attacker with user privileges to delete arbitrary local files due to insufficient validation of user-controlled inp… |
CVE-2026-35076 | High | 8.1 | 2026-06-03 | The bac-scanresult method allows a remote attacker with user privileges to delete arbitrary local files due to insufficient validation of user-controlled input. |