Approved changes feed: RSS · Atom

cpe:2.3:o:mercusys:mercury_x18g_firmware:1.0.5:*:*:*:*:*:*:*

part: o version: 1.0.5 update: *

VendorMercusys (dda614ee-19b5-5d45-890c-ad6ee40e1fcf)
ProductMercury X18G Firmware (a88b9213-041c-5927-9a92-02a6c0bfdb26)
Edition*
Language*
Software edition*
Target software*
Target hardware*
Other*
NotesImported from NVD CPE 2.0 feed

PURL mappings

PURLSourceLast updated
No PURL mappings for this CPE yet.

Vulnerability references

IdentifiercpeApplicabilitySubmitteddb.gcve.eu detailsRationale
CVE:CVE-2021-25811 vulnerable 2026-06-08 05:30:41.584064 Details available
MERCUSYS Mercury X18G 1.0.5 devices allow Denial of service via a crafted value to the POST listen_http_lan parameter. Upon subsequent device restarts after this vulnerability is exploted the device will not be able to access the webserver unless the listen_http_lan parameter to uhttpd.json is manually fixed.
Published: 2021-04-29T15:44:03.000Z
Updated: 2024-08-03T20:11:28.471Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2021-25810 vulnerable 2026-06-08 05:30:41.582865 Details available
Cross site Scripting (XSS) vulnerability in MERCUSYS Mercury X18G 1.0.5 devices, via crafted values to the 'src_dport_start', 'src_dport_end', and 'dest_port' parameters.
Published: 2021-04-29T15:44:02.000Z
Updated: 2024-08-03T20:11:28.450Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2021-23242 vulnerable 2026-06-08 05:30:02.554696 Details available
MERCUSYS Mercury X18G 1.0.5 devices allow Directory Traversal via ../ to the UPnP server, as demonstrated by the /../../conf/template/uhttpd.json URI.
Published: 2021-01-07T20:19:22.000Z
Updated: 2024-08-03T19:05:54.553Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2021-23241 vulnerable 2026-06-08 05:30:02.550265 Details available
MERCUSYS Mercury X18G 1.0.5 devices allow Directory Traversal via ../ in conjunction with a loginLess or login.htm URI (for authentication bypass) to the web server, as demonstrated by the /loginLess/../../etc/passwd URI.
Published: 2021-01-07T20:19:32.000Z
Updated: 2024-08-03T19:05:55.627Z
Reference links
Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.