34 matches found
CVE-2025-62773
Mercku M6a devices through 2.1.0 allow TELNET sessions via a router.telnet.enabled.update request by an administrator...
CVE-2025-62771
Mercku M6a devices through 2.1.0 allow password changes via intranet CSRF attacks...
CVE-2025-62772
On Mercku M6a devices through 2.1.0, session tokens remain valid for at least months in some cases...
CVE-2025-62775
Mercku M6a devices through 2.1.0 allow root TELNET logins via the web admin password...
CVE-2025-62775
Mercku M6a devices through 2.1.0 allow root TELNET logins via the web admin password...
CVE-2025-62774
On Mercku M6a devices through 2.1.0, the authentication system uses predictable session tokens based on timestamps...
CVE-2025-62772
On Mercku M6a devices through 2.1.0, session tokens remain valid for at least months in some cases...
CVE-2025-62773
Mercku M6a devices through 2.1.0 allow TELNET sessions via a router.telnet.enabled.update request by an administrator...
CVE-2025-62771
Mercku M6a devices through 2.1.0 allow password changes via intranet CSRF attacks...
CVE-2025-62771
Mercku M6a devices through 2.1.0 allow password changes via intranet CSRF attacks...
Mercku M6a 跨站请求伪造漏洞
Mercku M6a is a WiFi router from Mercku USA. A cross-site request forgery vulnerability exists in Mercku M6a version 2.1.0 and earlier, which originates from allowing a cross-site request forgery attack to change passwords via the internal network...
EUVD-2025-35313
On Mercku M6a devices through 2.1.0, the authentication system uses predictable session tokens based on timestamps...
CVE-2025-62774
The CVE affects Mercku M6a devices up to version 2.1.0, where the authentication system uses session tokens that are predictable because they are based on timestamps. This introduces a potential for token guessing and authentication bypass, as described across multiple sources (Red Hat, NVD, CNNV...
CVE-2025-62775
Mercku M6a devices through 2.1.0 allow root TELNET logins via the web admin password...
Mercku M6a 安全特征问题漏洞
Mercku M6a is a WiFi router from Mercku USA. A security feature issue vulnerability exists in Mercku M6a version 2.1.0 and earlier, which stems from the authentication system's use of predictable session tokens based on timestamps, which could lead to authentication bypass...
Mercku M6a 安全漏洞
Mercku M6a is a WiFi router from Mercku USA. A security vulnerability exists in Mercku M6a version 2.1.0 and prior versions, which originates from allowing root login via TELNET using the web administrator password, which could lead to unauthorized access...
EUVD-2025-35315
On Mercku M6a devices through 2.1.0, session tokens remain valid for at least months in some cases...
CVE-2025-62775
CVE-2025-62775 affects Mercku M6a devices up to firmware version 2.1.0, where the web admin password can be used to gain root TELNET access. The connected documents consistently describe root access via TELNET enabled by the web admin password, indicating a high-severity impact (per CVSS 3.1 vect...
CVE-2025-62774
On Mercku M6a devices through 2.1.0, the authentication system uses predictable session tokens based on timestamps...
CVE-2025-62772
This CVE concerns Mercku M6a devices (through version 2.1.0). The issue is that session tokens may remain valid for months, enabling potential unauthorized access as described across multiple feeds. The available documents confirm the affected product and version range, but do not provide a detai...