VYPR
Vendor

MERCURY

Products
18
CVEs
28
Across products
30
Status
Private

Products

18

Recent CVEs

28
View all 28 CVEs →
  • CVE-2026-35903CriApr 27, 2026
    risk 0.64cvss 9.8epss 0.00

    MERCURY MIPC252W IP camera 1.0.5 Build 230306 Rel.79931n contains an improper authentication vulnerability in the RTSP service. After successful Digest authentication in an initial DESCRIBE request, the device does not verify the Digest response parameter in subsequent RTSP…

  • CVE-2025-10392CriSep 14, 2025
    risk 0.64cvss 9.8epss 0.01

    A vulnerability was detected in Mercury KM08-708H GiGA WiFi Wave2 1.1.14. This affects an unknown function of the component HTTP Header Handler. The manipulation of the argument Host results in stack-based buffer overflow. The attack can be executed remotely. The exploit is now…

  • CVE-2023-46518CriOct 25, 2023
    risk 0.64cvss 9.8epss 0.02

    Mercury A15 V1.0 20230818_1.0.3 was discovered to contain a command execution vulnerability via the component cloudDeviceTokenSuccCB.

  • CVE-2020-22724CriOct 14, 2021
    risk 0.64cvss 9.8epss 0.05

    A remote command execution vulnerability exists in add_server_service of PPTP_SERVER in Mercury Router MER1200 v1.0.1 and Mercury Router MER1200G v1.0.1.

  • CVE-2025-10385HigSep 14, 2025
    risk 0.57cvss 8.8epss 0.04

    A vulnerability has been found in Mercury KM08-708H GiGA WiFi Wave2 1.1. Affected by this issue is the function sub_450B2C of the file /goform/mcr_setSysAdm. The manipulation of the argument ChgUserId leads to buffer overflow. It is possible to initiate the attack remotely. The…

  • CVE-2022-31849HigJun 16, 2022
    risk 0.57cvss 8.8epss 0.02

    MERCURY MIPC451-4 1.0.22 Build 220105 Rel.55642n was discovered to contain a remote code execution (RCE) vulnerability which is exploitable via a crafted POST request.

  • CVE-2021-27825HigMay 29, 2023
    risk 0.52cvss 7.5epss 0.08

    A directory traversal vulnerability on Mercury MAC1200R devices allows attackers to read arbitrary files via a web-static/ URL.

  • CVE-2022-26988HigMay 10, 2022
    risk 0.51cvss 7.8epss 0.01

    TP-Link TL-WDR7660 2.0.30, Mercury D196G 20200109_2.0.4, and Fast FAC1900R 20190827_2.0.2 routers have a stack overflow issue in `MntAte` function. Local users could get remote code execution.

  • CVE-2022-26987HigMay 10, 2022
    risk 0.51cvss 7.8epss 0.01

    TP-Link TL-WDR7660 2.0.30, Mercury D196G 20200109_2.0.4, and Fast FAC1900R 20190827_2.0.2 routers have a stack overflow issue in `MmtAtePrase` function. Local users could get remote code execution.

  • CVE-2026-31256HigApr 27, 2026
    risk 0.49cvss 7.5epss 0.00

    A null pointer dereference vulnerability exists in the RTSP service of the MERCURY MIPC252W 1.0.5 Build 230306 Rel.79931n. During the processing of a SETUP request for the path rtsp://:554/stream1/track2, the device fails to properly validate the Transport header field. When…

  • CVE-2026-35902MedApr 27, 2026
    risk 0.40cvss 6.2epss 0.00

    The RTSP service of MERCURY IP camera MIPC252W 1.0.5 Build 230306 has an issue handling failed Digest authentication attempts. By repeatedly sending RTSP requests with invalid authentication parameters, an unauthenticated attacker can cause the RTSP service to enter a persistent…

  • CVE-2024-8655MedSep 10, 2024
    risk 0.34cvss 5.3epss 0.00

    A vulnerability was found in Mercury MNVR816 up to 2.0.1.0.5. It has been classified as problematic. This affects an unknown part of the file /web-static/. The manipulation leads to files or directories accessible. It is possible to initiate the attack remotely. The exploit has…

  • CVE-2025-25526MedFeb 11, 2025
    risk 0.33cvss 5.1epss 0.00

    Buffer overflow vulnerability in Mercury MIPC552W Camera v1.0 due to the lack of length verification, which is related to the configuration of the PPTP server. Attackers who successfully exploit this vulnerability can cause the remote target device to crash or execute arbitrary…

  • CVE-2023-30306MedMay 28, 2024
    risk 0.28cvss 4.3epss 0.00

    An issue discovered in Mercury x30g, Mercury YR1800XG routers allows attackers to hijack TCP sessions which could lead to a denial of service.

  • CVE-2007-4440Aug 21, 2007
    risk 0.08cvss epss 0.65

    Stack-based buffer overflow in the MercuryS SMTP server in Mercury Mail Transport System, possibly 4.51 and earlier, allows remote attackers to execute arbitrary code via a long AUTH CRAM-MD5 string. NOTE: this might overlap CVE-2006-5961.

  • CVE-2007-1373Mar 10, 2007
    risk 0.08cvss epss 0.59

    Stack-based buffer overflow in Mercury/32 (aka Mercury Mail Transport System) 4.01b and earlier allows remote attackers to execute arbitrary code via a long LOGIN command. NOTE: this might be the same issue as CVE-2006-5961.

  • CVE-2012-4999Sep 19, 2012
    risk 0.04cvss epss 0.07

    Mercury MR804 Router 8.0 3.8.1 Build 101220 Rel.53006nB allows remote attackers to cause a denial of service (service hang) via a crafted string in HTTP header fields such as (1) If-Modified-Since, (2) If-None-Match, or (3) If-Unmodified-Since. NOTE: some of these details are…

  • CVE-2009-4755Mar 29, 2010
    risk 0.04cvss epss 0.07

    Multiple stack-based buffer overflows in Mercury Audio Player 1.21 allow remote attackers to execute arbitrary code via a long string in a malformed (1) .b4s or (2) .pls playlist file.

  • CVE-2009-4754Mar 29, 2010
    risk 0.03cvss epss 0.06

    Stack-based buffer overflow in Mercury Audio Player 1.21 allows remote attackers to execute arbitrary code via a long string in a malformed playlist (.m3u) file.

  • CVE-2007-5018Sep 20, 2007
    risk 0.03cvss epss 0.04

    Stack-based buffer overflow in IMAPD in Mercury/32 4.52 allows remote authenticated users to execute arbitrary code via a long argument in a SEARCH ON command. NOTE: this issue might overlap with CVE-2004-1211.