CVE-2025-62771

Name of the Vulnerable Software and Affected Versions Mercku M6a versions through 2.1.0

Description Mercku M6a devices versions through 2.1.0 are susceptible to password changes through intranet Cross-Site Request Forgery (CSRF) attacks. CSRF attacks involve malicious websites or emails tricking a user's browser into performing unwanted actions on a trusted site. In this case, an attacker could potentially change the password of the Mercku M6a device without the user's knowledge or consent, provided the attacker can induce the user to perform a specific action while logged into the device's intranet interface.

Recommendations Update Mercku M6a devices to a version later than 2.1.0.