Security Vulnerabilities
The ugw-logread method allows a remote attacker with user privileges to access arbitrary local files due to insufficient validation of user-supplied input.
CVSS Score
8.7
EPSS Score
0.002
Published
2026-06-03
A remote attacker with user privileges can exploit a stack buffer overflow to gain full system access as root.
CVSS Score
8.7
EPSS Score
0.001
Published
2026-06-03
An unauthenticated remote attacker can recover a default, hard coded password from a firmware image and thus gain full access to all affected devices.
CVSS Score
9.3
EPSS Score
0.001
Published
2026-06-03
The bac-scanresult method allows a remote attacker with user privileges to delete arbitrary local files due to insufficient validation of user-controlled input.
CVSS Score
7.2
EPSS Score
0.001
Published
2026-06-03
The ugw-delete-file method allows a remote attacker with user privileges to delete arbitrary local files due to insufficient validation of user-controlled input.
CVSS Score
7.2
EPSS Score
0.001
Published
2026-06-03
The ugw-logstop method allows a remote attacker with user privileges to delete arbitrary local files due to insufficient validation of user-controlled input.
CVSS Score
7.2
EPSS Score
0.001
Published
2026-06-03
Incorrect Authorization vulnerability in ABB T-MAC Plus.
This issue affects T-MAC Plus: 4.0-24.
CVSS Score
7.2
EPSS Score
0.0
Published
2026-06-03
Authorization bypass through User-Controlled key vulnerability in ABB T-MAC Plus.
This issue affects T-MAC Plus: 4.0-24.
CVSS Score
7.3
EPSS Score
0.0
Published
2026-06-03
Improper neutralization of input during web page generation ('cross-site scripting') vulnerability in ABB T-MAC Plus.
This issue affects T-MAC Plus: 4.0-24.
CVSS Score
7.2
EPSS Score
0.0
Published
2026-06-03
Files or directories accessible to external parties vulnerability in ABB T-MAC Plus.
This issue affects T-MAC Plus: 4.0-24.
CVSS Score
7.3
EPSS Score
0.001
Published
2026-06-03