Vulnerabilities > Mercusys > Mercury X18G Firmware

DATE CVE VULNERABILITY TITLE RISK
2021-04-29 CVE-2021-25811 Unspecified vulnerability in Mercusys Mercury X18G Firmware 1.0.5
MERCUSYS Mercury X18G 1.0.5 devices allow Denial of service via a crafted value to the POST listen_http_lan parameter.
network
low complexity
mercusys
7.8
7.8
2021-04-29 CVE-2021-25810 Cross-site Scripting vulnerability in Mercusys Mercury X18G Firmware 1.0.5
Cross site Scripting (XSS) vulnerability in MERCUSYS Mercury X18G 1.0.5 devices, via crafted values to the 'src_dport_start', 'src_dport_end', and 'dest_port' parameters.
network
mercusys CWE-79
4.3
4.3
2021-01-07 CVE-2021-23242 Path Traversal vulnerability in Mercusys Mercury X18G Firmware 1.0.5
MERCUSYS Mercury X18G 1.0.5 devices allow Directory Traversal via ../ to the UPnP server, as demonstrated by the /../../conf/template/uhttpd.json URI.
network
low complexity
mercusys CWE-22
5.0
5.0
2021-01-07 CVE-2021-23241 Path Traversal vulnerability in Mercusys Mercury X18G Firmware 1.0.5
MERCUSYS Mercury X18G 1.0.5 devices allow Directory Traversal via ../ in conjunction with a loginLess or login.htm URI (for authentication bypass) to the web server, as demonstrated by the /loginLess/../../etc/passwd URI.
network
low complexity
mercusys CWE-22
5.0
5.0