CNNVD-202510-3179 Information

CNNVD ID

CNNVD-202510-3179

Related CVE

CVE-2025-62771

• CNNVD Published: 2025-10-22

Description (Chinese)

Mercku M6a是美国Mercku公司的一款WiFi路由器。 Mercku M6a 2.1.0及之前版本存在跨站请求伪造漏洞，该漏洞源于允许通过内部网络跨站请求伪造攻击更改密码。

Description (English)

Mercku M6a is a WiFi router of Mercku, United States. Mercku M6a 2.1.0 and previous versions had a cross-site request for a false loophole, which stemmed from allowing a false attack to be requested to change the password through an internal network.

Hazard Level

Medium

Vulnerability Type

跨站请求伪造

Affected Vendor

Mercku

Published

2025-10-22

Last Modified

2026-02-24

References

https://blog.nullvoid.me/posts/mercku-exploits/ https://seclists.org/fulldisclosure/2025/Oct/10 https://access.redhat.com/security/cve/cve-2025-62771

Patch

https://www.mercku.com/downloads/