Filtered by vendor Mercusys
Subscriptions
Total
8 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-52162 | 1 Mercusys | 1 Mw325r Eu V3 | 2025-02-13 | 6.7 Medium |
| Mercusys MW325R EU V3 (Firmware MW325R(EU)_V3_1.11.0 Build 221019) is vulnerable to a stack-based buffer overflow, which could allow an attacker to execute arbitrary code. Exploiting the vulnerability requires authentication. | ||||
| CVE-2023-46297 | 1 Mercusys | 1 Mw325r Eu V3 | 2025-02-13 | 5.1 Medium |
| An issue was discovered on Mercusys MW325R EU V3 MW325R(EU)_V3_1.11.0 221019 devices. A WAN attacker can make the admin interface unreachable/invisible via an unauthenticated HTTP request. Verification of the data sent by the user does not occur. The web server does not crash, but the admin interface becomes invisible, because the files necessary to display the content are no longer available. A reboot of the router is typically required to restore the correct behavior. | ||||
| CVE-2022-26988 | 3 Fastcom, Mercusys, Tp-link | 12 Fac1900r, Fac1900r Firmware, Mercury D196g and 9 more | 2024-11-21 | 7.8 High |
| TP-Link TL-WDR7660 2.0.30, Mercury D196G 20200109_2.0.4, and Fast FAC1900R 20190827_2.0.2 routers have a stack overflow issue in `MntAte` function. Local users could get remote code execution. | ||||
| CVE-2022-26987 | 3 Fastcom, Mercusys, Tp-link | 12 Fac1900r, Fac1900r Firmware, Mercury D196g and 9 more | 2024-11-21 | 7.8 High |
| TP-Link TL-WDR7660 2.0.30, Mercury D196G 20200109_2.0.4, and Fast FAC1900R 20190827_2.0.2 routers have a stack overflow issue in `MmtAtePrase` function. Local users could get remote code execution. | ||||
| CVE-2021-25811 | 1 Mercusys | 2 Mercury X18g, Mercury X18g Firmware | 2024-11-21 | 7.5 High |
| MERCUSYS Mercury X18G 1.0.5 devices allow Denial of service via a crafted value to the POST listen_http_lan parameter. Upon subsequent device restarts after this vulnerability is exploted the device will not be able to access the webserver unless the listen_http_lan parameter to uhttpd.json is manually fixed. | ||||
| CVE-2021-25810 | 1 Mercusys | 2 Mercury X18g, Mercury X18g Firmware | 2024-11-21 | 6.1 Medium |
| Cross site Scripting (XSS) vulnerability in MERCUSYS Mercury X18G 1.0.5 devices, via crafted values to the 'src_dport_start', 'src_dport_end', and 'dest_port' parameters. | ||||
| CVE-2021-23242 | 1 Mercusys | 2 Mercury X18g, Mercury X18g Firmware | 2024-11-21 | 5.3 Medium |
| MERCUSYS Mercury X18G 1.0.5 devices allow Directory Traversal via ../ to the UPnP server, as demonstrated by the /../../conf/template/uhttpd.json URI. | ||||
| CVE-2021-23241 | 1 Mercusys | 2 Mercury X18g, Mercury X18g Firmware | 2024-11-21 | 5.3 Medium |
| MERCUSYS Mercury X18G 1.0.5 devices allow Directory Traversal via ../ in conjunction with a loginLess or login.htm URI (for authentication bypass) to the web server, as demonstrated by the /loginLess/../../etc/passwd URI. | ||||
Page 1 of 1.