CVE-2025-10385
Unknown Unknown - Not Provided
BaseFortify

Publication date: 2025-09-14

Last updated on: 2025-09-15

Assigner: VulDB

Description
A vulnerability has been found in Mercury KM08-708H GiGA WiFi Wave2 1.1. Affected by this issue is the function sub_450B2C of the file /goform/mcr_setSysAdm. The manipulation of the argument ChgUserId leads to buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2025-09-14
Last Modified
2025-09-15
Generated
2026-06-16
AI Q&A
2025-09-14
EPSS Evaluated
2026-06-15
NVD
CVE-2025-10385
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
mercury km08-708h 1.1
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-119 The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.
CWE-120 The product copies an input buffer to an output buffer without verifying that the size of the input buffer is less than the size of the output buffer.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

CVE-2025-10385 is a buffer overflow vulnerability in Mercury KM08-708H GiGA WiFi Wave2 version 1.1. It occurs in the function sub_450B2C within the /goform/mcr_setSysAdm endpoint, specifically when handling the argument ChgUserId. The vulnerability arises because the code uses the strcpy() function without checking the length of the input, allowing an attacker to overflow the buffer by supplying input larger than the buffer size. This can lead to overwriting adjacent memory, potentially enabling arbitrary code execution or causing a denial of service. [1, 2]

Impact Analysis

This vulnerability can be exploited remotely without authentication, allowing attackers to compromise the affected device's confidentiality, integrity, and availability. Exploitation may result in arbitrary code execution or denial of service, which could disrupt network operations or allow unauthorized control over the device. Since the device is a wireless LAN device, this could impact network security and availability. [1, 2]

Detection Guidance

This vulnerability can be detected by monitoring network traffic for requests to the /goform/mcr_setSysAdm endpoint, especially those manipulating the ChgUserId parameter with unusually long input values that may trigger the buffer overflow. Additionally, scanning the device firmware version to confirm if it is Mercury KM08-708H GiGA WiFi Wave2 version 1.1 can help identify vulnerable systems. Specific commands are not provided in the resources, but network traffic inspection tools like tcpdump or Wireshark can be used to filter HTTP requests to /goform/mcr_setSysAdm. For example, using tcpdump: tcpdump -A -s 0 'tcp port 80 and (((ip[2:2] - ((ip[0]&0xf)<<2)) - ((tcp[12]&0xf0)>>2)) != 0)' and then searching for /goform/mcr_setSysAdm in the payload. [1, 2]

Mitigation Strategies

Immediate mitigation steps include replacing the affected Mercury KM08-708H GiGA WiFi Wave2 version 1.1 device with a non-vulnerable alternative, as no known countermeasures or patches are currently available. Additionally, restricting remote access to the device, especially blocking access to the /goform/mcr_setSysAdm endpoint, can reduce exposure. Monitoring for exploit attempts and isolating vulnerable devices from critical networks are also recommended. [2]

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-10385. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart