CVE-2025-50401
Unknown Unknown - Not Provided

BaseFortify

Vulnerability report for CVE-2025-50401, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.

Publication date: 2025-12-16

Last updated on: 2025-12-22

Assigner: MITRE

Description

Mercury D196G d196gv1-cn-up_2020-01-09_11.21.44 is vulnerable to Buffer Overflow in the function sub_404CAEDC via the parameter password.

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published
2025-12-16
Last Modified
2025-12-22
Generated
2026-07-06
AI Q&A
2025-12-16
EPSS Evaluated
2026-07-04
NVD

Affected Vendors & Products

Showing 2 associated CPEs
Vendor Product Version / Range
mercurycom d196g_firmware *
mercurycom d196g *

Helpful Resources

Exploitability

CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-120 The product copies an input buffer to an output buffer without verifying that the size of the input buffer is less than the size of the output buffer.

Attack-Flow Graph

AI Quick Actions

Instant insights powered by AI
Executive Summary

This vulnerability is a buffer overflow in the Mercury D196G device, specifically in the function sub_404CAEDC, which can be triggered via the password parameter. A buffer overflow occurs when more data is written to a buffer than it can hold, potentially allowing an attacker to execute arbitrary code or cause a crash. [1]

Impact Analysis

The buffer overflow vulnerability can allow an attacker to execute arbitrary code on the affected device, potentially leading to unauthorized access, device malfunction, or denial of service. This can compromise the security and availability of the device and any network it is connected to. [1]

Detection Guidance

Detection can involve checking for the vulnerable Mercury D196G device firmware version and monitoring for abnormal behavior related to the password parameter handling. Specific commands or scripts for detection are not detailed in the provided resources. [1]

Mitigation Strategies

Immediate mitigation steps are not explicitly provided in the resources. Generally, mitigation would include updating the device firmware to a non-vulnerable version if available, restricting access to the device, and monitoring for exploitation attempts. [1]

Chat Assistant

Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-50401. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70

EPSS Chart