35 matches found
CVE-2025-62771
Mercku M6a devices through 2.1.0 allow password changes via intranet CSRF attacks...
CVE-2025-62773
Mercku M6a devices through 2.1.0 allow TELNET sessions via a router.telnet.enabled.update request by an administrator...
CVE-2025-62774
On Mercku M6a devices through 2.1.0, the authentication system uses predictable session tokens based on timestamps...
CVE-2025-62772
On Mercku M6a devices through 2.1.0, session tokens remain valid for at least months in some cases...
CVE-2025-62775
Mercku M6a devices through 2.1.0 allow root TELNET logins via the web admin password...
CVE-2025-62775
Mercku M6a devices through 2.1.0 allow root TELNET logins via the web admin password...
CVE-2025-62774
On Mercku M6a devices through 2.1.0, the authentication system uses predictable session tokens based on timestamps...
CVE-2025-62773
Mercku M6a devices through 2.1.0 allow TELNET sessions via a router.telnet.enabled.update request by an administrator...
CVE-2025-62772
On Mercku M6a devices through 2.1.0, session tokens remain valid for at least months in some cases...
CVE-2025-62771
Mercku M6a devices through 2.1.0 allow password changes via intranet CSRF attacks...
Mercku M6a 跨站请求伪造漏洞
Mercku M6a is a WiFi router from Mercku USA. A cross-site request forgery vulnerability exists in Mercku M6a version 2.1.0 and earlier, which originates from allowing a cross-site request forgery attack to change passwords via the internal network...
EUVD-2025-35313
On Mercku M6a devices through 2.1.0, the authentication system uses predictable session tokens based on timestamps...
CVE-2025-62773
CVE-2025-62773 affects Mercku M6a firmware up to 2.1.0. The issue arises when an administrator can enable TELNET sessions through a router.telnet.enabled.update request, enabling TELNET access on the device. Affected component is the device’s TELNET capability; root cause is a misconfiguration/au...
CVE-2025-62774
On Mercku M6a devices through 2.1.0, the authentication system uses predictable session tokens based on timestamps...
CVE-2025-62775
CVE-2025-62775 affects Mercku M6a devices up to firmware version 2.1.0, where the web admin password can be used to gain root TELNET access. The connected documents consistently describe root access via TELNET enabled by the web admin password, indicating a high-severity impact (per CVSS 3.1 vect...
CVE-2025-62775
Mercku M6a devices through 2.1.0 allow root TELNET logins via the web admin password...
CVE-2025-62775
Mercku M6a devices through 2.1.0 allow root TELNET logins via the web admin password...
EUVD-2025-35312
Mercku M6a devices through 2.1.0 allow root TELNET logins via the web admin password...
CVE-2025-62772
On Mercku M6a devices through 2.1.0, session tokens remain valid for at least months in some cases...
CVE-2025-62773
Mercku M6a devices through 2.1.0 allow TELNET sessions via a router.telnet.enabled.update request by an administrator...