CVE-2025-50401
BaseFortify
Publication date: 2025-12-16
Last updated on: 2025-12-22
Assigner: MITRE
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| mercurycom | d196g_firmware | * |
| mercurycom | d196g | * |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-120 | The product copies an input buffer to an output buffer without verifying that the size of the input buffer is less than the size of the output buffer. |
Attack-Flow Graph
AI Powered Q&A
How can this vulnerability be detected on my network or system? Can you suggest some commands?
Detection can involve checking for the vulnerable Mercury D196G device firmware version and monitoring for abnormal behavior related to the password parameter handling. Specific commands or scripts for detection are not detailed in the provided resources. [1]
Can you explain this vulnerability to me?
This vulnerability is a buffer overflow in the Mercury D196G device, specifically in the function sub_404CAEDC, which can be triggered via the password parameter. A buffer overflow occurs when more data is written to a buffer than it can hold, potentially allowing an attacker to execute arbitrary code or cause a crash. [1]
How can this vulnerability impact me? :
The buffer overflow vulnerability can allow an attacker to execute arbitrary code on the affected device, potentially leading to unauthorized access, device malfunction, or denial of service. This can compromise the security and availability of the device and any network it is connected to. [1]
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps are not explicitly provided in the resources. Generally, mitigation would include updating the device firmware to a non-vulnerable version if available, restricting access to the device, and monitoring for exploitation attempts. [1]