CVE-2025-10392
BaseFortify
Publication date: 2025-09-14
Last updated on: 2025-09-15
Assigner: VulDB
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| mercury | km08-708h | 1.1.14 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-119 | The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data. |
| CWE-121 | A stack-based buffer overflow condition is a condition where the buffer being overwritten is allocated on the stack (i.e., is a local variable or, rarely, a parameter to a function). |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2025-10392 is a critical stack-based buffer overflow vulnerability in the Mercury KM08-708H GiGA WiFi Wave2 device, firmware version 1.1.14. It occurs in the HTTP Header Handler component when the 'Host' header argument is manipulated with crafted input. This causes a stack overflow, which can be exploited remotely without authentication, potentially leading to device crashes or disruption of normal operations. [1, 2]
How can this vulnerability impact me? :
This vulnerability can allow an attacker to remotely execute a stack-based buffer overflow attack by sending a malicious HTTP 'Host' header. The impact includes crashing the device's services, causing denial of service, and potentially compromising the confidentiality, integrity, and availability of the device. Since the exploit is public and requires no authentication, it poses a significant risk to affected devices. [1, 2]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
Detection can involve monitoring HTTP traffic for suspicious or unusually long Host header values that could trigger the buffer overflow. Network intrusion detection systems (NIDS) can be configured to alert on malformed or oversized Host headers targeting the Mercury KM08-708H GiGA WiFi Wave2 device. Specific commands are not provided in the resources, but using tools like tcpdump or Wireshark to capture HTTP headers and searching for abnormal Host header lengths or patterns could help detect exploitation attempts. [1, 2]
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include implementing restrictive firewall rules to block or limit access to the vulnerable HTTP service on the Mercury KM08-708H GiGA WiFi Wave2 device. This reduces the attack surface by preventing remote exploitation attempts. Additionally, monitoring network traffic for exploit attempts and applying any available firmware updates or patches from the vendor when released are recommended. [2]