PT-2021-16801 · Mercusys · Mercusys Mercury X18G

Published

2021-04-29

Updated

2021-05-08

CVE-2021-25811

CVSS v2.0

7.8

High

Vector

AV:N/AC:L/Au:N/C:N/I:N/A:C

Name of the Vulnerable Software and Affected Versions MERCUSYS Mercury X18G version 1.0.5

Description The issue allows for denial of service via a crafted value to the listen http lan parameter. After the device restarts following exploitation, it cannot access the web server unless the listen http lan parameter in uhttpd.json is manually fixed.

Recommendations For MERCUSYS Mercury X18G version 1.0.5, manually fix the listen http lan parameter in uhttpd.json to restore web server access. As a temporary workaround, consider avoiding the use of the listen http lan parameter until a patch is available.

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Related Identifiers

CVE-2021-25811

Affected Products

Mercusys Mercury X18G

PT-2021-16801 · Mercusys · Mercusys Mercury X18G

CVE-2021-25811

Related Identifiers

Affected Products

References · 5