CVE-2025-65288
BaseFortify
Publication date: 2025-12-09
Last updated on: 2025-12-12
Assigner: MITRE
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| mercurycom | mr816_firmware | 081c3114_4.8.7 |
| mercurycom | mr816 | 2.0 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-120 | The product copies an input buffer to an output buffer without verifying that the size of the input buffer is less than the size of the output buffer. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is a buffer overflow in the Mercury MR816v2 device that occurs when the device accepts and stores excessively long hostnames from LAN hosts without properly checking their length. The device's code copies or concatenates these hostnames into fixed-size buffers without validation, which can cause the buffer to overflow. This overflow can lead to a crash (denial of service) and potentially allow an attacker to execute code remotely.
How can this vulnerability impact me? :
The vulnerability can impact you by causing the affected device to crash, resulting in denial of service. More seriously, it may allow an attacker to execute arbitrary code remotely on the device, potentially compromising the device and the network it is connected to.