A stack buffer overflow occurs in the gdv-serverconfig method, allowing an attacker with user privileges to trigger memory corruption and achieve full system access as root. This vulnerability is a classic stack-based buffer overflow (CWE-121), resulting in remote code execution that can compromise confidentiality, integrity, and availability of the affected device.

Affected devices include MBS Double-A, Double-X, Single-X, and Triple-X firmware systems that support networks such as Profibus, x‑link, CAN, DALI, KNX, LON, M‑Bus, and PROFINET. The CVE does not list specific firmware versions, so all installations of these products may be impacted unless patched.

The CVSS score of 8.7 indicates a high risk, while no EPSS score is available and the vulnerability is not listed in the CISA KEV catalog. The likely attack vector is remote, as the description specifies a remote attacker with user privileges. The severity and lack of publicly known mitigations suggest that exploitation could lead to total takeover, emphasizing the importance of immediate review of access controls and firmware updates.