GCVE - cpe:2.3:h:mercusys:mercury_x18g:-:*:*:*:*:*:*:*

Approved changes feed: RSS · Atom

cpe:2.3:h:mercusys:mercury_x18g:-:*:*:*:*:*:*:*

part: h version: - update: *

Vendor	Mercusys (`dda614ee-19b5-5d45-890c-ad6ee40e1fcf`)
Product	Mercury X18G (`29bc9cee-f2df-5cb2-a933-27352cd53385`)
Edition	*
Language	*
Software edition	*
Target software	*
Target hardware	*
Other	*
Notes	Imported from NVD CPE 2.0 feed

PURL mappings

PURL	Source	Last updated
No PURL mappings for this CPE yet.

Vulnerability references

Identifier	cpeApplicability	Submitted	db.gcve.eu details	Rationale
`CVE:CVE-2021-25811`	not_vulnerable	2026-06-08 05:30:41.584088	Details available MERCUSYS Mercury X18G 1.0.5 devices allow Denial of service via a crafted value to the POST listen_http_lan parameter. Upon subsequent device restarts after this vulnerability is exploted the device will not be able to access the webserver unless the listen_http_lan parameter to uhttpd.json is manually fixed. Published: 2021-04-29T15:44:03.000Z Updated: 2024-08-03T20:11:28.471Z Open on db.gcve.eu Reference links https://www.mercusys.com/en/ https://www.mercurycom.com.cn/product-521-1.html https://github.com/pokerfacett/MY_REQUEST/blob/master/Mercury%20Router%20X18g%20v1.0.5%20Denial%20of%20Service.md	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2021-25810`	not_vulnerable	2026-06-08 05:30:41.583617	Details available Cross site Scripting (XSS) vulnerability in MERCUSYS Mercury X18G 1.0.5 devices, via crafted values to the 'src_dport_start', 'src_dport_end', and 'dest_port' parameters. Published: 2021-04-29T15:44:02.000Z Updated: 2024-08-03T20:11:28.450Z Open on db.gcve.eu Reference links https://www.mercusys.com/en/ https://www.mercurycom.com.cn/product-521-1.html https://github.com/pokerfacett/MY_REQUEST/blob/master/Mercury%20Router%20X18g%20v1.0.5%20Stored%20XSS.md	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2021-23242`	not_vulnerable	2026-06-08 05:30:02.554721	Details available MERCUSYS Mercury X18G 1.0.5 devices allow Directory Traversal via ../ to the UPnP server, as demonstrated by the /../../conf/template/uhttpd.json URI. Published: 2021-01-07T20:19:22.000Z Updated: 2024-08-03T19:05:54.553Z Open on db.gcve.eu Reference links https://www.mercusys.com/en/ https://www.mercurycom.com.cn/product-521-1.html https://github.com/BATTZION/MY_REQUEST/blob/master/Mercury%20Router%20Upnp%20Server%20Directory%20Traversal.md	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2021-23241`	not_vulnerable	2026-06-08 05:30:02.550947	Details available MERCUSYS Mercury X18G 1.0.5 devices allow Directory Traversal via ../ in conjunction with a loginLess or login.htm URI (for authentication bypass) to the web server, as demonstrated by the /loginLess/../../etc/passwd URI. Published: 2021-01-07T20:19:32.000Z Updated: 2024-08-03T19:05:55.627Z Open on db.gcve.eu Reference links https://www.mercusys.com/en/ https://github.com/BATTZION/MY_REQUEST/blob/master/Mercury%20Router%20Web%20Server%20Directory%20Traversal.md https://www.mercurycom.com.cn/product-521-1.html	Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.