CVE-2025-10385
BaseFortify
Publication date: 2025-09-14
Last updated on: 2025-09-15
Assigner: VulDB
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| mercury | km08-708h | 1.1 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-119 | The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data. |
| CWE-120 | The product copies an input buffer to an output buffer without verifying that the size of the input buffer is less than the size of the output buffer. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2025-10385 is a buffer overflow vulnerability in Mercury KM08-708H GiGA WiFi Wave2 version 1.1. It occurs in the function sub_450B2C within the /goform/mcr_setSysAdm endpoint, specifically when handling the argument ChgUserId. The vulnerability arises because the code uses the strcpy() function without checking the length of the input, allowing an attacker to overflow the buffer by supplying input larger than the buffer size. This can lead to overwriting adjacent memory, potentially enabling arbitrary code execution or causing a denial of service. [1, 2]
How can this vulnerability impact me? :
This vulnerability can be exploited remotely without authentication, allowing attackers to compromise the affected device's confidentiality, integrity, and availability. Exploitation may result in arbitrary code execution or denial of service, which could disrupt network operations or allow unauthorized control over the device. Since the device is a wireless LAN device, this could impact network security and availability. [1, 2]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by monitoring network traffic for requests to the /goform/mcr_setSysAdm endpoint, especially those manipulating the ChgUserId parameter with unusually long input values that may trigger the buffer overflow. Additionally, scanning the device firmware version to confirm if it is Mercury KM08-708H GiGA WiFi Wave2 version 1.1 can help identify vulnerable systems. Specific commands are not provided in the resources, but network traffic inspection tools like tcpdump or Wireshark can be used to filter HTTP requests to /goform/mcr_setSysAdm. For example, using tcpdump: tcpdump -A -s 0 'tcp port 80 and (((ip[2:2] - ((ip[0]&0xf)<<2)) - ((tcp[12]&0xf0)>>2)) != 0)' and then searching for /goform/mcr_setSysAdm in the payload. [1, 2]
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include replacing the affected Mercury KM08-708H GiGA WiFi Wave2 version 1.1 device with a non-vulnerable alternative, as no known countermeasures or patches are currently available. Additionally, restricting remote access to the device, especially blocking access to the /goform/mcr_setSysAdm endpoint, can reduce exposure. Monitoring for exploit attempts and isolating vulnerable devices from critical networks are also recommended. [2]