34 matches found
CVE-2025-62772
On Mercku M6a devices through 2.1.0, session tokens remain valid for at least months in some cases...
CVE-2025-62771
Mercku M6a devices through 2.1.0 allow password changes via intranet CSRF attacks...
CVE-2025-62773
Mercku M6a devices through 2.1.0 allow TELNET sessions via a router.telnet.enabled.update request by an administrator...
CVE-2025-62775
Mercku M6a devices through 2.1.0 allow root TELNET logins via the web admin password...
CVE-2025-62775
Mercku M6a devices through 2.1.0 allow root TELNET logins via the web admin password...
CVE-2025-62774
On Mercku M6a devices through 2.1.0, the authentication system uses predictable session tokens based on timestamps...
CVE-2025-62773
Mercku M6a devices through 2.1.0 allow TELNET sessions via a router.telnet.enabled.update request by an administrator...
CVE-2025-62772
On Mercku M6a devices through 2.1.0, session tokens remain valid for at least months in some cases...
CVE-2025-62771
Mercku M6a devices through 2.1.0 allow password changes via intranet CSRF attacks...
Mercku M6a 跨站请求伪造漏洞
Mercku M6a is a WiFi router from Mercku USA. A cross-site request forgery vulnerability exists in Mercku M6a version 2.1.0 and earlier, which originates from allowing a cross-site request forgery attack to change passwords via the internal network...
EUVD-2025-35313
On Mercku M6a devices through 2.1.0, the authentication system uses predictable session tokens based on timestamps...
CVE-2025-62773
CVE-2025-62773 affects Mercku M6a firmware up to 2.1.0. The issue arises when an administrator can enable TELNET sessions through a router.telnet.enabled.update request, enabling TELNET access on the device. Affected component is the device’s TELNET capability; root cause is a misconfiguration/au...
CVE-2025-62772
This CVE concerns Mercku M6a devices (through version 2.1.0). The issue is that session tokens may remain valid for months, enabling potential unauthorized access as described across multiple feeds. The available documents confirm the affected product and version range, but do not provide a detai...
CVE-2025-62774
On Mercku M6a devices through 2.1.0, the authentication system uses predictable session tokens based on timestamps...
CVE-2025-62774
The CVE affects Mercku M6a devices up to version 2.1.0, where the authentication system uses session tokens that are predictable because they are based on timestamps. This introduces a potential for token guessing and authentication bypass, as described across multiple sources (Red Hat, NVD, CNNV...
CVE-2025-62775
CVE-2025-62775 affects Mercku M6a devices up to firmware version 2.1.0, where the web admin password can be used to gain root TELNET access. The connected documents consistently describe root access via TELNET enabled by the web admin password, indicating a high-severity impact (per CVSS 3.1 vect...
Mercku M6a 安全漏洞
Mercku M6a is a WiFi router from Mercku USA. A security vulnerability exists in Mercku M6a version 2.1.0 and prior versions, which stems from a session token that is valid for too long, which could lead to unauthorized access...
CVE-2025-62775
Mercku M6a devices through 2.1.0 allow root TELNET logins via the web admin password...
CVE-2025-62775
Mercku M6a devices through 2.1.0 allow root TELNET logins via the web admin password...
EUVD-2025-35312
Mercku M6a devices through 2.1.0 allow root TELNET logins via the web admin password...