PT-2021-15413 · Mercusys · Mercusys Mercury X18G

Published

2021-01-07

Updated

2021-01-12

CVE-2021-23241

CVSS v3.1

5.3

Medium

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Name of the Vulnerable Software and Affected Versions MERCUSYS Mercury X18G version 1.0.5

Description The issue allows Directory Traversal via ../ in conjunction with a loginLess or login.htm URI to the web server, enabling authentication bypass. This is demonstrated by the /loginLess/../../etc/passwd URI, which showcases the vulnerability.

Recommendations For MERCUSYS Mercury X18G version 1.0.5, consider restricting access to the loginLess and login.htm URIs as a temporary workaround until a patch is available. Additionally, avoid using the ../ sequence in conjunction with these URIs to minimize the risk of exploitation.

Exploit

Fix

Path traversal

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-22

Related Identifiers

CVE-2021-23241

Affected Products

Mercusys Mercury X18G

PT-2021-15413 · Mercusys · Mercusys Mercury X18G

CVE-2021-23241

Weakness Enumeration

Related Identifiers

Affected Products

References · 7