CVE-2021-25810: XSS
First published: Thu Apr 29 2021(Updated: )
Cross site Scripting (XSS) vulnerability in MERCUSYS Mercury X18G 1.0.5 devices, via crafted values to the 'src_dport_start', 'src_dport_end', and 'dest_port' parameters.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Mercusys Mercury X18g Firmware | =1.0.5 | |
| MERCUSYS Mercury X18G |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is CVE-2021-25810?
CVE-2021-25810 is a Cross site Scripting (XSS) vulnerability in MERCUSYS Mercury X18G 1.0.5 devices.
How does CVE-2021-25810 affect MERCUSYS Mercury X18G 1.0.5 devices?
CVE-2021-25810 allows attackers to exploit a Cross site Scripting (XSS) vulnerability in MERCUSYS Mercury X18G 1.0.5 devices by sending crafted values to certain parameters.
What is the severity of CVE-2021-25810?
The severity of CVE-2021-25810 is medium, with a severity score of 6.1.
How can I fix CVE-2021-25810 in my MERCUSYS Mercury X18G 1.0.5 device?
To fix CVE-2021-25810, it is recommended to update your MERCUSYS Mercury X18G firmware to a version that addresses the Cross site Scripting (XSS) vulnerability.
Where can I find more information about CVE-2021-25810?
You can find more information about CVE-2021-25810 in the references provided: [GitHub link](https://github.com/pokerfacett/MY_REQUEST/blob/master/Mercury%20Router%20X18g%20v1.0.5%20Stored%20XSS.md), [MERCUSYS website](https://www.mercurycom.com.cn/product-521-1.html), [Mercusys website](https://www.mercusys.com/en/)
- collector/nvd-index
- vendor/mercusys
- canonical/mercusys mercury x18g firmware
- version/mercusys mercury x18g firmware/1.0.5
- canonical/mercusys mercury x18g