Directory Traversal Vulnerability in MERCUSYS Mercury X18G Devices
CVE-2021-23241

5.3MEDIUM

Key Information:

Vendor: Mercusys
Status: Mercury X18g Firmware
Vendor: CVE Published:; 7 January 2021

What is CVE-2021-23241?

The vulnerability allows unauthorized access to sensitive files on MERCUSYS Mercury X18G devices by exploiting a path traversal flaw. Attackers can bypass authentication using specific URI patterns such as '/loginLess/../../etc/passwd', gaining access to confidential data on the web server. This exposure could lead to further exploitation and compromise the integrity of the affected system.

References

https://www.mercusys.com/en/

x_refsource_MISC

https://github.com/BATTZION/MY_REQUEST/blob/master/Mercur...

x_refsource_MISC

https://www.mercurycom.com.cn/product-521-1.html

x_refsource_MISC

EPSS Score

57% chance of being exploited in the next 30 days.

CVSS V3.1

Score:

5.3

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

None

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jan 7, 2021
Vulnerability Reserved
Jan 7, 2021

Mercusys

What is CVE-2021-23241?

References

EPSS Score

CVSS V3.1

Timeline