Note:
This project will be discontinued after December 13, 2021.
Product: Mercury_x18g_firmware (Mercusys)

Repositories | Unknown: This might be proprietary software. |
#Vulnerabilities | 4 |

Date | Id | Summary | Products | Score | Patch | Annotated |
---|---|---|---|---|---|---|
2021-01-07 | CVE-2021-23241 | MERCUSYS Mercury X18G 1.0.5 devices allow Directory Traversal via ../ in conjunction with a loginLess or login.htm URI (for authentication bypass) to the web server, as demonstrated by the /loginLess/../../etc/passwd URI. | Mercury_x18g_firmware | 5.3 | | |
2021-01-07 | CVE-2021-23242 | MERCUSYS Mercury X18G 1.0.5 devices allow Directory Traversal via ../ to the UPnP server, as demonstrated by the /../../conf/template/uhttpd.json URI. | Mercury_x18g_firmware | 5.3 | | |
2021-04-29 | CVE-2021-25810 | Cross-site scripting (XSS) vulnerability in MERCUSYS Mercury X18G 1.0.5 devices via crafted values to the 'src_dport_start', 'src_dport_end', and 'dest_port' parameters. | Mercury_x18g_firmware | 6.1 | | |
2021-04-29 | CVE-2021-25811 | MERCUSYS Mercury X18G 1.0.5 devices allow denial of service via a crafted value to the POST listen_http_lan parameter. Upon subsequent device restarts after this vulnerability is exploited, the device will not be able to access the webserver unless the listen_http_lan parameter to uhttpd.json is manually fixed. | Mercury_x18g_firmware | 7.5 | | |