M6a
by Mercku
CVEs (5)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2025-62775 | Hig | 0.52 | 8.0 | 0.00 | Oct 22, 2025 | Mercku M6a devices through 2.1.0 allow root TELNET logins via the web admin password. | ||
| CVE-2025-62771 | Hig | 0.49 | 7.5 | 0.00 | Oct 22, 2025 | Mercku M6a devices through 2.1.0 allow password changes via intranet CSRF attacks. | ||
| CVE-2025-62774 | Low | 0.20 | 3.1 | 0.00 | Oct 22, 2025 | On Mercku M6a devices through 2.1.0, the authentication system uses predictable session tokens based on timestamps. | ||
| CVE-2025-62772 | Low | 0.20 | 3.1 | 0.00 | Oct 22, 2025 | On Mercku M6a devices through 2.1.0, session tokens remain valid for at least months in some cases. | ||
| CVE-2025-62773 | Low | 0.16 | 2.4 | 0.00 | Oct 22, 2025 | Mercku M6a devices through 2.1.0 allow TELNET sessions via a router.telnet.enabled.update request by an administrator. |
- risk 0.52cvss 8.0epss 0.00
Mercku M6a devices through 2.1.0 allow root TELNET logins via the web admin password.
- risk 0.49cvss 7.5epss 0.00
Mercku M6a devices through 2.1.0 allow password changes via intranet CSRF attacks.
- risk 0.20cvss 3.1epss 0.00
On Mercku M6a devices through 2.1.0, the authentication system uses predictable session tokens based on timestamps.
- risk 0.20cvss 3.1epss 0.00
On Mercku M6a devices through 2.1.0, session tokens remain valid for at least months in some cases.
- risk 0.16cvss 2.4epss 0.00
Mercku M6a devices through 2.1.0 allow TELNET sessions via a router.telnet.enabled.update request by an administrator.