Vulnerabilities > CVE-2021-25811 - Unspecified vulnerability in Mercusys Mercury X18G Firmware 1.0.5
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
NONE Integrity impact
NONE Availability impact
HIGH Summary
MERCUSYS Mercury X18G 1.0.5 devices allow Denial of service via a crafted value to the POST listen_http_lan parameter. Upon subsequent device restarts after this vulnerability is exploted the device will not be able to access the webserver unless the listen_http_lan parameter to uhttpd.json is manually fixed.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
OS | 1 | |
Hardware | 1 |
References
- https://github.com/pokerfacett/MY_REQUEST/blob/master/Mercury%20Router%20X18g%20v1.0.5%20Denial%20of%20Service.md
- https://github.com/pokerfacett/MY_REQUEST/blob/master/Mercury%20Router%20X18g%20v1.0.5%20Denial%20of%20Service.md
- https://www.mercurycom.com.cn/product-521-1.html
- https://www.mercurycom.com.cn/product-521-1.html
- https://www.mercusys.com/en/
- https://www.mercusys.com/en/