CVE-2025-50398
Unknown Unknown - Not Provided

BaseFortify

Vulnerability report for CVE-2025-50398, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.

Publication date: 2025-12-16

Last updated on: 2025-12-22

Assigner: MITRE

Description

Mercury D196G d196gv1-cn-up_2020-01-09_11.21.44 is vulnerable to Buffer Overflow in the function sub_404CAEDC via the parameter fac_password.

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published
2025-12-16
Last Modified
2025-12-22
Generated
2026-07-06
AI Q&A
2025-12-16
EPSS Evaluated
2026-07-05
NVD

Affected Vendors & Products

Showing 2 associated CPEs
Vendor Product Version / Range
mercurycom d196g_firmware *
mercurycom d196g *

Helpful Resources

Exploitability

CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-120 The product copies an input buffer to an output buffer without verifying that the size of the input buffer is less than the size of the output buffer.

Attack-Flow Graph

AI Quick Actions

Instant insights powered by AI
Executive Summary

This vulnerability is a buffer overflow in the Mercury D196G device, specifically in the function sub_404CAEDC via the parameter fac_password. A buffer overflow occurs when more data is written to a buffer than it can hold, potentially allowing an attacker to overwrite adjacent memory and execute arbitrary code or cause a crash. [1]

Impact Analysis

The buffer overflow vulnerability can allow an attacker to execute arbitrary code on the affected device, potentially leading to unauthorized access, device malfunction, or denial of service. This could compromise the security and availability of the device and any network it is connected to. [1]

Detection Guidance

Detection of this vulnerability can be performed by testing the parameter fac_password for buffer overflow attempts. Specific commands or scripts to test this are available in the GitHub repository at https://github.com/sezangel/IOT-vul/tree/main/Mercury/D196G/2, which contains proof-of-concept code and testing tools for the Mercury D196G device. [1]

Mitigation Strategies

Immediate mitigation steps include restricting access to the vulnerable device, applying any available patches or firmware updates from the vendor, and monitoring for suspicious activity targeting the fac_password parameter. If no patch is available, consider isolating the device from untrusted networks to prevent exploitation. [1]

Chat Assistant

Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-50398. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70

EPSS Chart