CVE-2025-10385— Mercury KM08-708H GiGA WiFi Wave2 mcr_setSysAdm sub_450B2C buffer overflow

Mercury KM08-708H GiGA WiFi Wave2 mcr_setSysAdm sub_450B2C buffer overflow

A vulnerability has been found in Mercury KM08-708H GiGA WiFi Wave2 1.1. Affected by this issue is the function sub_450B2C of the file /goform/mcr_setSysAdm. The manipulation of the argument ChgUserId leads to buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

未进行输入大小检查的缓冲区拷贝(传统缓冲区溢出)

Mercury KM08-708H GiGA WiFi Wave2 安全漏洞

Mercury KM08-708H GiGA WiFi Wave2是中国水星（Mercury）公司的一款无线路由器。 Mercury KM08-708H GiGA WiFi Wave2 1.1版本存在安全漏洞，该漏洞源于文件/goform/mcr_setSysAdm中函数sub_450B2C对参数ChgUserId的错误操作，可能导致缓冲区溢出。

N/A

N/A