Denial of Service Vulnerability in Mercury X18G by MERCUSYS
CVE-2021-25811

7.5HIGH

Key Information:

Vendor

Mercusys

Status
Mercury X18g Firmware
Vendor
CVE Published:
29 April 2021

What is CVE-2021-25811?

The Mercury X18G 1.0.5 devices from MERCUSYS are susceptible to a Denial of Service attack via a specially crafted value sent to the POST parameter 'listen_http_lan'. This vulnerability can render the device inaccessible to its web server after a restart, unless the associated configuration in 'uhttpd.json' is manually corrected. This flaw highlights the importance of proper input validation and device configuration to prevent exploitations.

References

https://www.mercusys.com/en/
x_refsource_MISC
https://www.mercurycom.com.cn/product-521-1.html
x_refsource_MISC
https://github.com/pokerfacett/MY_REQUEST/blob/master/Mer...
x_refsource_MISC

CVSS V3.1

Score:
7.5
Severity:
HIGH
Confidentiality:
None
Integrity:
None
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.