CVE-2021-25811

Sažetak

MERCUSYS Mercury X18G 1.0.5 devices allow Denial of service via a crafted value to the POST listen_http_lan parameter. Upon subsequent device restarts after this vulnerability is exploted the device will not be able to access the webserver unless the listen_http_lan parameter to uhttpd.json is manually fixed.

Reference

https://www.mercusys.com/en/
https://www.mercurycom.com.cn/product-521-1.html
https://github.com/pokerfacett/MY_REQUEST/blob/master/Mercury%20Router%20X18g%20v1.0.5%20Denial%20of%20Service.md

CVSS

Base:	7.8
Impact:	6.9
Exploitability:	10.0

Pristup

Vektor	Složenost	Autentikacija
NETWORK	LOW	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
NONE	NONE	COMPLETE

CVSS vektor

AV:N/AC:L/Au:N/C:N/I:N/A:C

Zadnje važnije ažuriranje

08-05-2021 - 04:04

Objavljeno

29-04-2021 - 16:15