CVE-2021-25810
- EPSS 0.61%
- Veröffentlicht 29.04.2021 16:15:09
- Zuletzt bearbeitet 21.11.2024 05:55:28
Cross site Scripting (XSS) vulnerability in MERCUSYS Mercury X18G 1.0.5 devices, via crafted values to the 'src_dport_start', 'src_dport_end', and 'dest_port' parameters.
CVE-2021-25811
- EPSS 0.51%
- Veröffentlicht 29.04.2021 16:15:09
- Zuletzt bearbeitet 21.11.2024 05:55:28
MERCUSYS Mercury X18G 1.0.5 devices allow Denial of service via a crafted value to the POST listen_http_lan parameter. Upon subsequent device restarts after this vulnerability is exploted the device will not be able to access the webserver unless the...
CVE-2021-23241
- EPSS 57.89%
- Veröffentlicht 07.01.2021 21:15:14
- Zuletzt bearbeitet 21.11.2024 05:51:26
MERCUSYS Mercury X18G 1.0.5 devices allow Directory Traversal via ../ in conjunction with a loginLess or login.htm URI (for authentication bypass) to the web server, as demonstrated by the /loginLess/../../etc/passwd URI.
CVE-2021-23242
- EPSS 0.38%
- Veröffentlicht 07.01.2021 21:15:14
- Zuletzt bearbeitet 21.11.2024 05:51:26
MERCUSYS Mercury X18G 1.0.5 devices allow Directory Traversal via ../ to the UPnP server, as demonstrated by the /../../conf/template/uhttpd.json URI.