Vulnerabilities > Mercusys > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-04-29 | CVE-2021-25810 | Cross-site Scripting vulnerability in Mercusys Mercury X18G Firmware 1.0.5 Cross site Scripting (XSS) vulnerability in MERCUSYS Mercury X18G 1.0.5 devices, via crafted values to the 'src_dport_start', 'src_dport_end', and 'dest_port' parameters. | 6.1 |
| 2021-01-07 | CVE-2021-23242 | Path Traversal vulnerability in Mercusys Mercury X18G Firmware 1.0.5 MERCUSYS Mercury X18G 1.0.5 devices allow Directory Traversal via ../ to the UPnP server, as demonstrated by the /../../conf/template/uhttpd.json URI. | 5.3 |
| 2021-01-07 | CVE-2021-23241 | Path Traversal vulnerability in Mercusys Mercury X18G Firmware 1.0.5 MERCUSYS Mercury X18G 1.0.5 devices allow Directory Traversal via ../ in conjunction with a loginLess or login.htm URI (for authentication bypass) to the web server, as demonstrated by the /loginLess/../../etc/passwd URI. | 5.3 |