Vulnerabilities > Mercusys
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-05-10 | CVE-2022-26987 | Out-of-bounds Write vulnerability in multiple products TP-Link TL-WDR7660 2.0.30, Mercury D196G 20200109_2.0.4, and Fast FAC1900R 20190827_2.0.2 routers have a stack overflow issue in `MmtAtePrase` function. | 7.2 |
| 2022-05-10 | CVE-2022-26988 | Out-of-bounds Write vulnerability in multiple products TP-Link TL-WDR7660 2.0.30, Mercury D196G 20200109_2.0.4, and Fast FAC1900R 20190827_2.0.2 routers have a stack overflow issue in `MntAte` function. | 7.2 |
| 2021-04-29 | CVE-2021-25811 | Unspecified vulnerability in Mercusys Mercury X18G Firmware 1.0.5 MERCUSYS Mercury X18G 1.0.5 devices allow Denial of service via a crafted value to the POST listen_http_lan parameter. | 7.8 |
| 2021-04-29 | CVE-2021-25810 | Cross-site Scripting vulnerability in Mercusys Mercury X18G Firmware 1.0.5 Cross site Scripting (XSS) vulnerability in MERCUSYS Mercury X18G 1.0.5 devices, via crafted values to the 'src_dport_start', 'src_dport_end', and 'dest_port' parameters. | 4.3 |
| 2021-01-07 | CVE-2021-23242 | Path Traversal vulnerability in Mercusys Mercury X18G Firmware 1.0.5 MERCUSYS Mercury X18G 1.0.5 devices allow Directory Traversal via ../ to the UPnP server, as demonstrated by the /../../conf/template/uhttpd.json URI. | 5.0 |
| 2021-01-07 | CVE-2021-23241 | Path Traversal vulnerability in Mercusys Mercury X18G Firmware 1.0.5 MERCUSYS Mercury X18G 1.0.5 devices allow Directory Traversal via ../ in conjunction with a loginLess or login.htm URI (for authentication bypass) to the web server, as demonstrated by the /loginLess/../../etc/passwd URI. | 5.0 |