Remote Stack-Based Buffer Overflow Vulnerability in Mercury KM08-708H GiGA WiFi Wave2
CVE-2025-10392

9.3 CRITICAL

Key Information:

Vendor: Mercury

CVE Published: 14 September 2025

What is CVE-2025-10392?

A vulnerability exists in the HTTP Header Handler component of the Mercury KM08-708H GiGA WiFi Wave2. Improper handling of the 'Host' argument can lead to a stack-based buffer overflow. The flaw can be exploited remotely, potentially compromising the system's integrity. Exploit details have been made public, raising concerns about the security of devices running the affected version.

Affected Version(s)

KM08-708H GiGA WiFi Wave2 1.1.14

CVSS V4

Score: 9.3
Severity: CRITICAL
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Network
Attack Complexity: Low
Attack Requirements: None
Privileges Required: Undefined
User Interaction: None

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

XCES (VulDB User)