Mercusys Mercury X18g Firmware — known CVE vulnerabilities
Every CVE whose affected-product data names Mercusys Mercury X18g Firmware, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (4)
CVE-2021-25811 — CVSS 7.5 (high): MERCUSYS Mercury X18G 1.0.5 devices allow Denial of service via a crafted value to the POST listen_http_lan parameter. Upon subsequent…
CVE-2021-25810 — CVSS 6.1 (medium): Cross site Scripting (XSS) vulnerability in MERCUSYS Mercury X18G 1.0.5 devices, via crafted values to the 'src_dport_start'…
CVE-2021-23241 — CVSS 5.3 (medium): MERCUSYS Mercury X18G 1.0.5 devices allow Directory Traversal via ../ in conjunction with a loginLess or login.htm URI (for authentication…
CVE-2021-23242 — CVSS 5.3 (medium): MERCUSYS Mercury X18G 1.0.5 devices allow Directory Traversal via ../ to the UPnP server, as demonstrated by the /../../conf/template/uhttpd…