CVE-2025-62773
BaseFortify
Publication date: 2025-10-22
Last updated on: 2025-10-22
Assigner: MITRE
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| mercku | m6a_router | 2.1.0 |
| openwrt | openwrt | * |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-912 | The product contains functionality that is not documented, not part of the specification, and not accessible through an interface or command sequence that is obvious to the product's users or administrators. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2025-62773 affects Mercku M6a routers running firmware version 2.1.0 and involves multiple critical security flaws. These include a CSRF vulnerability that allows attackers to reset the admin password without consent, a hidden Telnet backdoor that can be enabled covertly granting root access using the web admin password, root privilege escalation after gaining admin access, weak session tokens vulnerable to brute-force attacks, and sessions that do not expire. Together, these flaws enable local network attackers to take control of the router with minimal effort, sometimes without any user interaction. [1]
How can this vulnerability impact me? :
This vulnerability can severely impact you by allowing attackers on your local network to gain full control over your Mercku M6a router. They can reset your admin password, enable a hidden Telnet backdoor for root access, hijack admin sessions through weak tokens, and maintain persistent access due to sessions that never expire. This compromises your home network security, potentially exposing all connected devices to further attacks or data interception. [1]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by checking if the Telnet service is enabled on the Mercku M6a router, especially if it is enabled covertly. You can scan your network for open Telnet ports (port 23) on the router's IP address. For example, use the command `nmap -p 23 <router-ip>` to see if Telnet is open. Additionally, monitoring for unusual Telnet sessions or connections using commands like `netstat -an | grep :23` on devices within the network may help detect unauthorized Telnet activity. Since the vulnerability involves enabling Telnet via a router.telnet.enabled.update request, reviewing router configuration settings or logs for such changes can also help detect exploitation attempts. [1]
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include disabling Telnet access on the Mercku M6a router if possible, changing the web admin password to a strong, unique password to prevent unauthorized access, and restricting administrative access to trusted devices only. Since the vulnerability allows remote enabling of Telnet and root access, avoid exposing the router's management interface to untrusted networks. Additionally, monitor for suspicious activity and consider replacing or updating the firmware if a patched version becomes available. Due to the lack of vendor response, applying network-level controls such as firewall rules to block Telnet traffic (port 23) to the router can help reduce risk. [1]