MERCUSYS Mercury X18G 1.0.5 devices allow Denial of service via a crafted value to the POST listen_http_lan parameter. Upon subsequent device restarts...
7.5
CVSS
a year ago
CVE-2021-25810
Cross site Scripting (XSS) vulnerability in MERCUSYS Mercury X18G 1.0.5 devices, via crafted values to the 'src_dport_start', 'src_dport_end', and 'de...
6.1
CVSS
a year ago
CVE-2021-23242
MERCUSYS Mercury X18G 1.0.5 devices allow Directory Traversal via ../ to the UPnP server, as demonstrated by the /../../conf/template/uhttpd.json URI....
5.3
CVSS
2 years ago
CVE-2021-23241
MERCUSYS Mercury X18G 1.0.5 devices allow Directory Traversal via ../ in conjunction with a loginLess or login.htm URI (for authentication bypass) to...
5.3
CVSS
2 years ago
http://www.vicarius.io
is owned and operated by Vicarius Ltd. (the “Company”). All information contained on the
Website is purely for informational, and educational purposes and should be independently
verified and confirmed. Vicarius does not accept any liability for any loss or damage
whatsoever caused in reliance upon such information or services. No statements or information
presented in any form by Vicarius is intended as fact, and you agree that you will not
consider the statements or information presented on the Website as fact or as a guarantee of
performance.