CVE-2025-62772
BaseFortify
Publication date: 2025-10-22
Last updated on: 2025-10-22
Assigner: MITRE
Description
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| mercku | m6a_router | 2.1.0 |
| openwrt | firmware | * |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-305 | The authentication algorithm is sound, but the implemented mechanism can be bypassed as the result of a separate weakness that is primary to the authentication error. |
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability involves Mercku M6a devices running firmware up to version 2.1.0, where session tokens remain valid for an extended period, lasting at least months in some cases. This means that once a session token is issued, it does not expire or get invalidated promptly, potentially allowing unauthorized continued access if the token is compromised.
How can this vulnerability impact me?
The vulnerability can impact you by allowing an attacker who obtains a valid session token to maintain access to the device or service for a prolonged period without needing to re-authenticate. This extended validity increases the risk of unauthorized access and potential misuse of the device or its services.