Mercku M6a
5 CVEs affecting Mercku M6a. Latest disclosed: 2025-10-22. Critical: 0, High: 2.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
CVE-2025-62775 | High | 8.0 | 2025-10-22 | Mercku M6a devices through 2.1.0 allow root TELNET logins via the web admin password. |
CVE-2025-62771 | High | 7.5 | 2025-10-22 | Mercku M6a devices through 2.1.0 allow password changes via intranet CSRF attacks. |
CVE-2025-62774 | Low | 3.1 | 2025-10-22 | On Mercku M6a devices through 2.1.0, the authentication system uses predictable session tokens based on timestamps. |
CVE-2025-62772 | Low | 3.1 | 2025-10-22 | On Mercku M6a devices through 2.1.0, session tokens remain valid for at least months in some cases. |
CVE-2025-62773 | Low | 2.4 | 2025-10-22 | Mercku M6a devices through 2.1.0 allow TELNET sessions via a router.telnet.enabled.update request by an administrator. |