MBS Double-A Profibus
- < V6_0_0_7
A vulnerability exists in the MBS Universal Gateways (UGW) web GUI and firmware versions through V6_0_0_5: a hardcoded default password for a service account that an unauthenticated remote attacker can extract from the firmware image. With this password, the attacker gains full access to the affected devices. The flaw is one of a broader set of security issues in the UGW web GUI, including insufficient input validation in several CGI methods, which could lead to arbitrary file deletion, unauthorized file inclusion, process termination, and stack-based buffer overflows exploitable for arbitrary code execution with root privileges, resulting in complete system compromise.
Exploiting this vulnerability grants unauthorized access to the affected devices via the extracted hardcoded password and can lead to full system compromise, particularly when chained with the other identified vulnerabilities that allow arbitrary code execution with root privileges.
Users are advised to update to firmware version V6_0_0_7, available on the MBS Firmware Update page.