CVE-2026-35080

Arbitrary file delete vulnerability in method ugw-restoreinfo

CVSS 7.2 HIGH | EPSS 0.4% | CWE-73
In short

A remote attacker with user access can delete any file on the system through the ugw-restoreinfo method because the system doesn't properly validate what files are being deleted. This is dangerous because it can destroy important data or system files.

Technical detail

The ugw-restoreinfo method fails to validate user-supplied file path inputs, allowing authenticated remote attackers to delete arbitrary files on the system (CWE-73: External Control of File Name or Path). The vulnerability requires valid user credentials but lacks path traversal protections or whitelist restrictions, resulting in integrity and availability impact through unauthorized file deletion (the CVSS vector scores VC:N/VI:H/VA:H).

Summary generated and translated by AI from the official description.
The ugw-restoreinfo method allows a remote attacker with user privileges to delete arbitrary local files due to insufficient validation of user-controlled input.
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N
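
The missing validation described above corresponds to a confinement check like the one below. This is an added example, not code from the affected product (whose implementation is not shown on this page): the function names, the `restore` base directory and every file name are hypothetical, and the requests are constructed.

```python
import os
import tempfile

class PathRejected(Exception):
    """The client-supplied name does not resolve to a file inside the allowed directory."""

def resolve_confined(base_dir, user_name):
    """Return the real path of user_name under base_dir, or raise PathRejected."""
    if not user_name or "\x00" in user_name:
        raise PathRejected("empty name or NUL byte")
    base = os.path.realpath(base_dir)
    # realpath collapses ".." and follows symlinks: check the file actually unlinked.
    candidate = os.path.realpath(os.path.join(base, user_name))
    # commonpath avoids the prefix mistake where "/x/restore-old" passes a
    # startswith("/x/restore") test; the base directory itself is refused too.
    if candidate == base or os.path.commonpath([base, candidate]) != base:
        raise PathRejected("resolves outside the allowed directory")
    return candidate

def delete_restore_file(base_dir, user_name):
    """Hypothetical handler body: delete one regular file inside base_dir only."""
    target = resolve_confined(base_dir, user_name)
    if not os.path.isfile(target):
        raise PathRejected("not a regular file")
    os.unlink(target)
    return target

def demo():
    """Run constructed requests against a throwaway tree; returns {label: outcome}."""
    with tempfile.TemporaryDirectory() as root:
        base, sibling = os.path.join(root, "restore"), os.path.join(root, "restore-old")
        os.mkdir(base)
        os.mkdir(sibling)
        outside, kept = os.path.join(root, "important.conf"), os.path.join(sibling, "keep.cfg")
        for path in (os.path.join(base, "backup.cfg"), kept, outside):
            open(path, "w").close()
        os.symlink(outside, os.path.join(base, "link.cfg"))  # link pointing out of base
        requests = {"valid": "backup.cfg", "dotdot": "../important.conf",
                    "absolute": outside, "sibling": "../restore-old/keep.cfg",
                    "symlink": "link.cfg", "empty": ""}
        results = {}
        for label, name in requests.items():
            try:
                delete_restore_file(base, name)
                results[label] = "deleted"
            except PathRejected:
                results[label] = "rejected"
        results["others_intact"] = os.path.exists(outside) and os.path.exists(kept)
        return results
```

The check and the unlink are separate steps, so this assumes the allowed directory is not writable by the requesting user; otherwise the path can change between them.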
