PT-2025-37395 · Unknown · Mercury Km08-708H Giga Wifi Wave2
Jason J · Published 2025-09-14 · Updated 2025-09-18
CVE-2025-10385
| CVSS v2.0 | 9.0 High |
| Vector | AV:N/AC:L/Au:S/C:C/I:C/A:C |
Name of the Vulnerable Software and Affected Versions
Mercury KM08-708H GiGA WiFi Wave2 version 1.1
Description
A buffer overflow issue exists in the sub_450B2C function of the /goform/mcr_setSysAdm file. The vulnerability is triggered by manipulating the ChgUserId argument, allowing for remote attacks. The exploit for this issue has been publicly disclosed.
Recommendations
As a temporary workaround, consider restricting access to the /goform/mcr_setSysAdm file to minimize the risk of exploitation.
Avoid using the ChgUserId parameter in the affected function sub_450B2C until the issue is resolved.
Exploit
Fix
Buffer Overflow
Affected Products
Mercury Km08-708H Giga Wifi Wave2