VYPR

Mercury X18G

by Mercusys

CVEs (4)

  • CVE-2021-25811 | High | Apr 29, 2021
    risk 0.49 | cvss 7.5 | epss 0.02

    MERCUSYS Mercury X18G 1.0.5 devices allow denial of service via a crafted value to the POST listen_http_lan parameter. Upon subsequent device restarts after this vulnerability is exploited, the device will not be able to access the webserver unless the listen_http_lan parameter to…

  • CVE-2021-25810 | Medium | Apr 29, 2021
    risk 0.40 | cvss 6.1 | epss 0.01

    Cross-site scripting (XSS) vulnerability in MERCUSYS Mercury X18G 1.0.5 devices, via crafted values to the 'src_dport_start', 'src_dport_end', and 'dest_port' parameters.

  • CVE-2021-23241 | Medium | Jan 7, 2021
    risk 0.36 | cvss 5.3 | epss 0.13

    MERCUSYS Mercury X18G 1.0.5 devices allow Directory Traversal via ../ in conjunction with a loginLess or login.htm URI (for authentication bypass) to the web server, as demonstrated by the /loginLess/../../etc/passwd URI.

  • CVE-2021-23242 | Medium | Jan 7, 2021
    risk 0.35 | cvss 5.3 | epss 0.02

    MERCUSYS Mercury X18G 1.0.5 devices allow Directory Traversal via ../ to the UPnP server, as demonstrated by the /../../conf/template/uhttpd.json URI.