Vulnerabilities (CVE)

Filtered by vendor Mercusys Subscribe

Filtered by product Mercury X18g Firmware

CVSS v3 Filter

ALL

NONE (0.0) LOW (0.1 - 3.9) MEDIUM (4.0 - 6.9) HIGH (7.0 - 8.9) CRITICAL (9.0 - 10.0)

Search

Total 3 CVE

CVE	Vendors	Products	Updated	CVSS v2	CVSS v3
CVE-2021-25810	1 Mercusys	2 Mercury X18g, Mercury X18g Firmware	2021-05-05	4.3 MEDIUM	6.1 MEDIUM
Cross site Scripting (XSS) vulnerability in MERCUSYS Mercury X18G 1.0.5 devices, via crafted values to the 'src_dport_start', 'src_dport_end', and 'dest_port' parameters.
CVE-2021-23242	1 Mercusys	2 Mercury X18g, Mercury X18g Firmware	2021-01-12	5.0 MEDIUM	5.3 MEDIUM
MERCUSYS Mercury X18G 1.0.5 devices allow Directory Traversal via ../ to the UPnP server, as demonstrated by the /../../conf/template/uhttpd.json URI.
CVE-2021-23241	1 Mercusys	2 Mercury X18g, Mercury X18g Firmware	2021-01-12	5.0 MEDIUM	5.3 MEDIUM
MERCUSYS Mercury X18G 1.0.5 devices allow Directory Traversal via ../ in conjunction with a loginLess or login.htm URI (for authentication bypass) to the web server, as demonstrated by the /loginLess/../../etc/passwd URI.