The embedded web server lacks authentication and access controls, allowing unrestricted remote access. This could lead to configuration changes, operational disruption, or arbitrary code execution depending on the environment and exposed functionality.
CVE ID: CVE-2025-36535
CVSS Base Severity: CRITICAL
CVSS Base Score: 10.0
CVSS Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H
Vendor: AutomationDirect
Product: MB-Gateway
EPSS Score: 0.1% (probability of being exploited)
EPSS Percentile: 28.77% (scored less or equal to compared to others)
EPSS Date: 2025-06-06 (when was this score calculated)