Volerion logoVolerion
Volerion logoVolerion

MBS UGW Web GUI Arbitrary File Deletion Vulnerability

Vulnerability

A vulnerability in the ugw-restoreinfo method allows remote attackers with user privileges to delete arbitrary local files. This issue arises from inadequate validation of user-controlled input. The vulnerability affects MBS Universal Gateways (UGW-A-Series and UGW-X-Series) running firmware versions prior to V6_0_0_7.

Impact

Exploitation of this vulnerability could enable an authenticated attacker to delete arbitrary local files on the affected UGW devices.

Remediation

Users are advised to update to firmware version V6_0_0_7, available at the MBS Firmware Update page.

Added: Jun 3, 2026, 1:23 PM
Updated: Jun 3, 2026, 1:23 PM

Vulnerability Rating

Custom Algorithm
spread
0.0
impact
0.6
exploitability
5.2
remediation
0.0
relevance
9.9
threat
0.0
urgency
2.9
incentive
0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.