CVE-2025-62773
Unknown Unknown - Not Provided
BaseFortify

Publication date: 2025-10-22

Last updated on: 2025-10-22

Assigner: MITRE

Description
Mercku M6a devices through 2.1.0 allow TELNET sessions via a router.telnet.enabled.update request by an administrator.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2025-10-22
Last Modified
2025-10-22
Generated
2026-06-16
AI Q&A
2025-10-22
EPSS Evaluated
2026-06-15
NVD
CVE-2025-62773
EUVD
EUVD-2025-35314
Affected Vendors & Products
Showing 2 associated CPEs
Vendor Product Version / Range
mercku m6a_router 2.1.0
openwrt openwrt *
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-912 The product contains functionality that is not documented, not part of the specification, and not accessible through an interface or command sequence that is obvious to the product's users or administrators.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

CVE-2025-62773 affects Mercku M6a routers running firmware version 2.1.0 and involves multiple critical security flaws. These include a CSRF vulnerability that allows attackers to reset the admin password without consent, a hidden Telnet backdoor that can be enabled covertly granting root access using the web admin password, root privilege escalation after gaining admin access, weak session tokens vulnerable to brute-force attacks, and sessions that do not expire. Together, these flaws enable local network attackers to take control of the router with minimal effort, sometimes without any user interaction. [1]

Impact Analysis

This vulnerability can severely impact you by allowing attackers on your local network to gain full control over your Mercku M6a router. They can reset your admin password, enable a hidden Telnet backdoor for root access, hijack admin sessions through weak tokens, and maintain persistent access due to sessions that never expire. This compromises your home network security, potentially exposing all connected devices to further attacks or data interception. [1]

Detection Guidance

This vulnerability can be detected by checking if the Telnet service is enabled on the Mercku M6a router, especially if it is enabled covertly. You can scan your network for open Telnet ports (port 23) on the router's IP address. For example, use the command `nmap -p 23 <router-ip>` to see if Telnet is open. Additionally, monitoring for unusual Telnet sessions or connections using commands like `netstat -an | grep :23` on devices within the network may help detect unauthorized Telnet activity. Since the vulnerability involves enabling Telnet via a router.telnet.enabled.update request, reviewing router configuration settings or logs for such changes can also help detect exploitation attempts. [1]

Mitigation Strategies

Immediate mitigation steps include disabling Telnet access on the Mercku M6a router if possible, changing the web admin password to a strong, unique password to prevent unauthorized access, and restricting administrative access to trusted devices only. Since the vulnerability allows remote enabling of Telnet and root access, avoid exposing the router's management interface to untrusted networks. Additionally, monitor for suspicious activity and consider replacing or updating the firmware if a patched version becomes available. Due to the lack of vendor response, applying network-level controls such as firewall rules to block Telnet traffic (port 23) to the router can help reduce risk. [1]

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-62773. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart