Message-ID: <1f3b8090-b664-4152-acdb-dba4df8e2590@nullvoid.me>
Date: Tue, 14 Oct 2025 16:43:51 -0400
From: cve@...lvoid.me
To: fulldisclosure@...lists.org
Subject: [FD] Urgent Security Vulnerabilities Discovered in Mercku Routers
 Model M6a

Critical vulnerabilities have been discovered within Mercku routers, 
specifically the M6a model, that could pose serious security threats to 
home networks. These issues allow remote code execution with minimal 
effort, tested against version 2.1.0 of the official firmware.

I have also submitted a CVE request in June 2024 (CVE Request 1744791).

     CSRF Vulnerability: Attackers can force a password reset without 
the user's consent, compromising administrative access.
     Hidden Telnet Backdoor: A persistent telnet server can be enabled, 
granting root access with the web admin password.
     Root Privilege Escalation: Gaining admin access results in full 
control over the device.
     Weak Session Tokens: Session tokens can be brute-forced, allowing 
hijacking of admin sessions.
     Eternal Sessions: Sessions persist indefinitely, exposing users to 
long-term vulnerabilities.

These vulnerabilities combine to form a dangerous attack vector, 
enabling local network attackers to take control of the router without 
user interaction. The potential for exploitation exists both through 
0-click and 1-click methods, making this a pressing concern for users.

Immediate remediation is necessary. and adhering to GPL requirements 
associated with their OpenWrt-based firmware.

Due to unacknowledged requests for responsible disclosure from Mercku, I 
have opted for full transparency. For a detailed examination of these 
findings, including proofs of concept and a complete discussion on the 
implications, please refer to the post at 
https://blog.nullvoid.me/posts/mercku-exploits .

Assistance in disseminating this information would be invaluable to 
ensure user awareness and prompt action from both Mercku and ISPs who 
distribute these devices.

Happy Hacking,
cve@...lvoid.me
