Search

Find a vulnerability

Search criteria

    4 vulnerabilities found for KM08-708H GiGA WiFi Wave2 by Mercury

    CVE-2025-10392 (GCVE-0-2025-10392)

    Vulnerability from nvd – Published: 2025-09-14 05:32 – Updated: 2025-09-15 15:48
    VLAI
    Title
    Mercury KM08-708H GiGA WiFi Wave2 HTTP Header stack-based overflow
    Summary
    A vulnerability was detected in Mercury KM08-708H GiGA WiFi Wave2 1.1.14. This affects an unknown function of the component HTTP Header Handler. The manipulation of the argument Host results in stack-based buffer overflow. The attack can be executed remotely. The exploit is now public and may be used.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    URL Tags
    https://vuldb.com/?id.323827 vdb-entrytechnical-description
    https://vuldb.com/?ctiid.323827 signaturepermissions-required
    https://vuldb.com/?submit.644596 third-party-advisory
    https://github.com/mohdkey/IOT-CVE/blob/main/KT_G… broken-linkexploit
    Impacted products
    Credits
    XCES (VulDB User)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-10392",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-09-15T15:47:57.515714Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-09-15T15:48:36.519Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "modules": [
                "HTTP Header Handler"
              ],
              "product": "KM08-708H GiGA WiFi Wave2",
              "vendor": "Mercury",
              "versions": [
                {
                  "status": "affected",
                  "version": "1.1.14"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "value": "XCES (VulDB User)"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability was detected in Mercury KM08-708H GiGA WiFi Wave2 1.1.14. This affects an unknown function of the component HTTP Header Handler. The manipulation of the argument Host results in stack-based buffer overflow. The attack can be executed remotely. The exploit is now public and may be used."
            },
            {
              "lang": "de",
              "value": "In Mercury KM08-708H GiGA WiFi Wave2 1.1.14 ist eine Schwachstelle entdeckt worden. Betroffen ist eine unbekannte Verarbeitung der Komponente HTTP Header Handler. Durch das Manipulieren des Arguments Host mit unbekannten Daten kann eine stack-based buffer overflow-Schwachstelle ausgenutzt werden. Es ist m\u00f6glich, den Angriff aus der Ferne durchzuf\u00fchren. Die Schwachstelle wurde \u00f6ffentlich offengelegt und k\u00f6nnte ausgenutzt werden."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "baseScore": 9.3,
                "baseSeverity": "CRITICAL",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P",
                "version": "4.0"
              }
            },
            {
              "cvssV3_1": {
                "baseScore": 9.8,
                "baseSeverity": "CRITICAL",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:W/RC:R",
                "version": "3.1"
              }
            },
            {
              "cvssV3_0": {
                "baseScore": 9.8,
                "baseSeverity": "CRITICAL",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:W/RC:R",
                "version": "3.0"
              }
            },
            {
              "cvssV2_0": {
                "baseScore": 10,
                "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C/E:POC/RL:W/RC:UR",
                "version": "2.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-121",
                  "description": "Stack-based Buffer Overflow",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            },
            {
              "descriptions": [
                {
                  "cweId": "CWE-119",
                  "description": "Memory Corruption",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-09-14T05:32:06.135Z",
            "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
            "shortName": "VulDB"
          },
          "references": [
            {
              "name": "VDB-323827 | Mercury KM08-708H GiGA WiFi Wave2 HTTP Header stack-based overflow",
              "tags": [
                "vdb-entry",
                "technical-description"
              ],
              "url": "https://vuldb.com/?id.323827"
            },
            {
              "name": "VDB-323827 | CTI Indicators (IOB, IOC, IOA)",
              "tags": [
                "signature",
                "permissions-required"
              ],
              "url": "https://vuldb.com/?ctiid.323827"
            },
            {
              "name": "Submit #644596 | Korea Telecom KT_GIGA_WIFI-Wave 2 KM08-708H 1.1.14 Buffer Overflow",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/?submit.644596"
            },
            {
              "tags": [
                "broken-link",
                "exploit"
              ],
              "url": "https://github.com/mohdkey/IOT-CVE/blob/main/KT_GIGA_WIFI-Wave%202%20has%20a%20stack%20overflow%20vulnerability.pdf"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2025-09-13T00:00:00.000Z",
              "value": "Advisory disclosed"
            },
            {
              "lang": "en",
              "time": "2025-09-13T02:00:00.000Z",
              "value": "VulDB entry created"
            },
            {
              "lang": "en",
              "time": "2025-09-13T11:53:54.000Z",
              "value": "VulDB entry last update"
            }
          ],
          "title": "Mercury KM08-708H GiGA WiFi Wave2 HTTP Header stack-based overflow"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "assignerShortName": "VulDB",
        "cveId": "CVE-2025-10392",
        "datePublished": "2025-09-14T05:32:06.135Z",
        "dateReserved": "2025-09-13T09:48:46.725Z",
        "dateUpdated": "2025-09-15T15:48:36.519Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2025-10385 (GCVE-0-2025-10385)

    Vulnerability from nvd – Published: 2025-09-14 01:02 – Updated: 2025-09-15 15:43
    VLAI
    Title
    Mercury KM08-708H GiGA WiFi Wave2 mcr_setSysAdm sub_450B2C buffer overflow
    Summary
    A vulnerability has been found in Mercury KM08-708H GiGA WiFi Wave2 1.1. Affected by this issue is the function sub_450B2C of the file /goform/mcr_setSysAdm. The manipulation of the argument ChgUserId leads to buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    URL Tags
    https://vuldb.com/?id.323820 vdb-entrytechnical-description
    https://vuldb.com/?ctiid.323820 signaturepermissions-required
    https://vuldb.com/?submit.643902 third-party-advisory
    https://github.com/Jjx-wy/kt/blob/main/KT%20KM08-… exploit
    Impacted products
    Credits
    Jason J (VulDB User)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-10385",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-09-15T15:43:25.941559Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-09-15T15:43:34.081Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "KM08-708H GiGA WiFi Wave2",
              "vendor": "Mercury",
              "versions": [
                {
                  "status": "affected",
                  "version": "1.1"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "value": "Jason J (VulDB User)"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability has been found in Mercury KM08-708H GiGA WiFi Wave2 1.1. Affected by this issue is the function sub_450B2C of the file /goform/mcr_setSysAdm. The manipulation of the argument ChgUserId leads to buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used."
            },
            {
              "lang": "de",
              "value": "Eine Schwachstelle wurde in Mercury KM08-708H GiGA WiFi Wave2 1.1 gefunden. Es betrifft die Funktion sub_450B2C der Datei /goform/mcr_setSysAdm. Dank der Manipulation des Arguments ChgUserId mit unbekannten Daten kann eine buffer overflow-Schwachstelle ausgenutzt werden. Der Angriff kann remote ausgef\u00fchrt werden. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "baseScore": 8.7,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P",
                "version": "4.0"
              }
            },
            {
              "cvssV3_1": {
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R",
                "version": "3.1"
              }
            },
            {
              "cvssV3_0": {
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R",
                "version": "3.0"
              }
            },
            {
              "cvssV2_0": {
                "baseScore": 9,
                "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C/E:POC/RL:ND/RC:UR",
                "version": "2.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-120",
                  "description": "Buffer Overflow",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            },
            {
              "descriptions": [
                {
                  "cweId": "CWE-119",
                  "description": "Memory Corruption",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-09-14T01:02:05.536Z",
            "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
            "shortName": "VulDB"
          },
          "references": [
            {
              "name": "VDB-323820 | Mercury KM08-708H GiGA WiFi Wave2 mcr_setSysAdm sub_450B2C buffer overflow",
              "tags": [
                "vdb-entry",
                "technical-description"
              ],
              "url": "https://vuldb.com/?id.323820"
            },
            {
              "name": "VDB-323820 | CTI Indicators (IOB, IOC, IOA)",
              "tags": [
                "signature",
                "permissions-required"
              ],
              "url": "https://vuldb.com/?ctiid.323820"
            },
            {
              "name": "Submit #643902 | Mercury Corporation KM08-708H\uff08GiGA WiFi Wave2\uff09 v1.1 Buffer Overflow",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/?submit.643902"
            },
            {
              "tags": [
                "exploit"
              ],
              "url": "https://github.com/Jjx-wy/kt/blob/main/KT%20KM08-708H.md"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2025-09-13T00:00:00.000Z",
              "value": "Advisory disclosed"
            },
            {
              "lang": "en",
              "time": "2025-09-13T02:00:00.000Z",
              "value": "VulDB entry created"
            },
            {
              "lang": "en",
              "time": "2025-09-13T09:25:50.000Z",
              "value": "VulDB entry last update"
            }
          ],
          "title": "Mercury KM08-708H GiGA WiFi Wave2 mcr_setSysAdm sub_450B2C buffer overflow"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "assignerShortName": "VulDB",
        "cveId": "CVE-2025-10385",
        "datePublished": "2025-09-14T01:02:05.536Z",
        "dateReserved": "2025-09-13T07:19:59.311Z",
        "dateUpdated": "2025-09-15T15:43:34.081Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2025-10392 (GCVE-0-2025-10392)

    Vulnerability from cvelistv5 – Published: 2025-09-14 05:32 – Updated: 2025-09-15 15:48
    VLAI
    Title
    Mercury KM08-708H GiGA WiFi Wave2 HTTP Header stack-based overflow
    Summary
    A vulnerability was detected in Mercury KM08-708H GiGA WiFi Wave2 1.1.14. This affects an unknown function of the component HTTP Header Handler. The manipulation of the argument Host results in stack-based buffer overflow. The attack can be executed remotely. The exploit is now public and may be used.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    URL Tags
    https://vuldb.com/?id.323827 vdb-entrytechnical-description
    https://vuldb.com/?ctiid.323827 signaturepermissions-required
    https://vuldb.com/?submit.644596 third-party-advisory
    https://github.com/mohdkey/IOT-CVE/blob/main/KT_G… broken-linkexploit
    Impacted products
    Credits
    XCES (VulDB User)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-10392",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-09-15T15:47:57.515714Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-09-15T15:48:36.519Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "modules": [
                "HTTP Header Handler"
              ],
              "product": "KM08-708H GiGA WiFi Wave2",
              "vendor": "Mercury",
              "versions": [
                {
                  "status": "affected",
                  "version": "1.1.14"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "value": "XCES (VulDB User)"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability was detected in Mercury KM08-708H GiGA WiFi Wave2 1.1.14. This affects an unknown function of the component HTTP Header Handler. The manipulation of the argument Host results in stack-based buffer overflow. The attack can be executed remotely. The exploit is now public and may be used."
            },
            {
              "lang": "de",
              "value": "In Mercury KM08-708H GiGA WiFi Wave2 1.1.14 ist eine Schwachstelle entdeckt worden. Betroffen ist eine unbekannte Verarbeitung der Komponente HTTP Header Handler. Durch das Manipulieren des Arguments Host mit unbekannten Daten kann eine stack-based buffer overflow-Schwachstelle ausgenutzt werden. Es ist m\u00f6glich, den Angriff aus der Ferne durchzuf\u00fchren. Die Schwachstelle wurde \u00f6ffentlich offengelegt und k\u00f6nnte ausgenutzt werden."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "baseScore": 9.3,
                "baseSeverity": "CRITICAL",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P",
                "version": "4.0"
              }
            },
            {
              "cvssV3_1": {
                "baseScore": 9.8,
                "baseSeverity": "CRITICAL",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:W/RC:R",
                "version": "3.1"
              }
            },
            {
              "cvssV3_0": {
                "baseScore": 9.8,
                "baseSeverity": "CRITICAL",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:W/RC:R",
                "version": "3.0"
              }
            },
            {
              "cvssV2_0": {
                "baseScore": 10,
                "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C/E:POC/RL:W/RC:UR",
                "version": "2.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-121",
                  "description": "Stack-based Buffer Overflow",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            },
            {
              "descriptions": [
                {
                  "cweId": "CWE-119",
                  "description": "Memory Corruption",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-09-14T05:32:06.135Z",
            "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
            "shortName": "VulDB"
          },
          "references": [
            {
              "name": "VDB-323827 | Mercury KM08-708H GiGA WiFi Wave2 HTTP Header stack-based overflow",
              "tags": [
                "vdb-entry",
                "technical-description"
              ],
              "url": "https://vuldb.com/?id.323827"
            },
            {
              "name": "VDB-323827 | CTI Indicators (IOB, IOC, IOA)",
              "tags": [
                "signature",
                "permissions-required"
              ],
              "url": "https://vuldb.com/?ctiid.323827"
            },
            {
              "name": "Submit #644596 | Korea Telecom KT_GIGA_WIFI-Wave 2 KM08-708H 1.1.14 Buffer Overflow",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/?submit.644596"
            },
            {
              "tags": [
                "broken-link",
                "exploit"
              ],
              "url": "https://github.com/mohdkey/IOT-CVE/blob/main/KT_GIGA_WIFI-Wave%202%20has%20a%20stack%20overflow%20vulnerability.pdf"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2025-09-13T00:00:00.000Z",
              "value": "Advisory disclosed"
            },
            {
              "lang": "en",
              "time": "2025-09-13T02:00:00.000Z",
              "value": "VulDB entry created"
            },
            {
              "lang": "en",
              "time": "2025-09-13T11:53:54.000Z",
              "value": "VulDB entry last update"
            }
          ],
          "title": "Mercury KM08-708H GiGA WiFi Wave2 HTTP Header stack-based overflow"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "assignerShortName": "VulDB",
        "cveId": "CVE-2025-10392",
        "datePublished": "2025-09-14T05:32:06.135Z",
        "dateReserved": "2025-09-13T09:48:46.725Z",
        "dateUpdated": "2025-09-15T15:48:36.519Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2025-10385 (GCVE-0-2025-10385)

    Vulnerability from cvelistv5 – Published: 2025-09-14 01:02 – Updated: 2025-09-15 15:43
    VLAI
    Title
    Mercury KM08-708H GiGA WiFi Wave2 mcr_setSysAdm sub_450B2C buffer overflow
    Summary
    A vulnerability has been found in Mercury KM08-708H GiGA WiFi Wave2 1.1. Affected by this issue is the function sub_450B2C of the file /goform/mcr_setSysAdm. The manipulation of the argument ChgUserId leads to buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    URL Tags
    https://vuldb.com/?id.323820 vdb-entrytechnical-description
    https://vuldb.com/?ctiid.323820 signaturepermissions-required
    https://vuldb.com/?submit.643902 third-party-advisory
    https://github.com/Jjx-wy/kt/blob/main/KT%20KM08-… exploit
    Impacted products
    Credits
    Jason J (VulDB User)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-10385",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-09-15T15:43:25.941559Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-09-15T15:43:34.081Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "KM08-708H GiGA WiFi Wave2",
              "vendor": "Mercury",
              "versions": [
                {
                  "status": "affected",
                  "version": "1.1"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "value": "Jason J (VulDB User)"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability has been found in Mercury KM08-708H GiGA WiFi Wave2 1.1. Affected by this issue is the function sub_450B2C of the file /goform/mcr_setSysAdm. The manipulation of the argument ChgUserId leads to buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used."
            },
            {
              "lang": "de",
              "value": "Eine Schwachstelle wurde in Mercury KM08-708H GiGA WiFi Wave2 1.1 gefunden. Es betrifft die Funktion sub_450B2C der Datei /goform/mcr_setSysAdm. Dank der Manipulation des Arguments ChgUserId mit unbekannten Daten kann eine buffer overflow-Schwachstelle ausgenutzt werden. Der Angriff kann remote ausgef\u00fchrt werden. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "baseScore": 8.7,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P",
                "version": "4.0"
              }
            },
            {
              "cvssV3_1": {
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R",
                "version": "3.1"
              }
            },
            {
              "cvssV3_0": {
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R",
                "version": "3.0"
              }
            },
            {
              "cvssV2_0": {
                "baseScore": 9,
                "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C/E:POC/RL:ND/RC:UR",
                "version": "2.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-120",
                  "description": "Buffer Overflow",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            },
            {
              "descriptions": [
                {
                  "cweId": "CWE-119",
                  "description": "Memory Corruption",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-09-14T01:02:05.536Z",
            "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
            "shortName": "VulDB"
          },
          "references": [
            {
              "name": "VDB-323820 | Mercury KM08-708H GiGA WiFi Wave2 mcr_setSysAdm sub_450B2C buffer overflow",
              "tags": [
                "vdb-entry",
                "technical-description"
              ],
              "url": "https://vuldb.com/?id.323820"
            },
            {
              "name": "VDB-323820 | CTI Indicators (IOB, IOC, IOA)",
              "tags": [
                "signature",
                "permissions-required"
              ],
              "url": "https://vuldb.com/?ctiid.323820"
            },
            {
              "name": "Submit #643902 | Mercury Corporation KM08-708H\uff08GiGA WiFi Wave2\uff09 v1.1 Buffer Overflow",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/?submit.643902"
            },
            {
              "tags": [
                "exploit"
              ],
              "url": "https://github.com/Jjx-wy/kt/blob/main/KT%20KM08-708H.md"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2025-09-13T00:00:00.000Z",
              "value": "Advisory disclosed"
            },
            {
              "lang": "en",
              "time": "2025-09-13T02:00:00.000Z",
              "value": "VulDB entry created"
            },
            {
              "lang": "en",
              "time": "2025-09-13T09:25:50.000Z",
              "value": "VulDB entry last update"
            }
          ],
          "title": "Mercury KM08-708H GiGA WiFi Wave2 mcr_setSysAdm sub_450B2C buffer overflow"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "assignerShortName": "VulDB",
        "cveId": "CVE-2025-10385",
        "datePublished": "2025-09-14T01:02:05.536Z",
        "dateReserved": "2025-09-13T07:19:59.311Z",
        "dateUpdated": "2025-09-15T15:43:34.081Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }