CVE-2025-36535 – AutomationDirect MB-Gateway Missing Authentication for Critical Function

https://notcve.org/view.php?id=CVE-2025-36535

21 May 2025 — The embedded web server lacks authentication and access controls, allowing unrestricted remote access. This could lead to configuration changes, operational disruption, or arbitrary code execution depending on the environment and exposed functionality. • https://www.automationdirect.com/adc/shopping/catalog/communications/protocol_gateways/modbus_gateways/eki-1221-ce • CWE-306: Missing Authentication for Critical Function •