Full Disclosure mailing list archives

Urgent Security Vulnerabilities Discovered in Mercku Routers Model M6a


From: cve () nullvoid me
Date: Tue, 14 Oct 2025 16:43:51 -0400

Critical vulnerabilities have been discovered in Mercku routers, specifically the M6a model, that pose serious security threats to home networks. These issues allow remote code execution with minimal effort, tested against version 2.1.0 of the official firmware.

I have also submitted a CVE request in June 2024 (CVE Request 1744791)

- CSRF Vulnerability: Attackers can force a password reset without the user's consent, compromising administrative access.
- Hidden Telnet Backdoor: A persistent telnet server can be enabled, granting root access with the web admin password.
- Root Privilege Escalation: Gaining admin access results in full control over the device.
- Weak Session Tokens: Session tokens can be brute-forced, allowing hijacking of admin sessions.
- Eternal Sessions: Sessions persist indefinitely, exposing users to long-term vulnerabilities.

These vulnerabilities combine to form a dangerous attack vector, enabling local network attackers to take control of the router without user interaction. The potential for exploitation exists both through 0-click and 1-click methods, making this a pressing concern for users.

Immediate remediation is necessary, as is adherence to the GPL requirements associated with their OpenWrt-based firmware.

Due to unacknowledged requests for responsible disclosure from Mercku, I have opted for full transparency. For a detailed examination of these findings, including proofs of concept and a complete discussion on the implications, please refer to the post at https://blog.nullvoid.me/posts/mercku-exploits .

Assistance in disseminating this information would be invaluable to ensure user awareness and prompt action from both Mercku and ISPs who distribute these devices.

Happy Hacking,
cve () nullvoid me

Attachment: OpenPGP_0x45E5F8C1504CDA42.asc
Description: OpenPGP public key

Attachment: OpenPGP_signature.asc
Description: OpenPGP digital signature

_______________________________________________
Sent through the Full Disclosure mailing list
https://nmap.org/mailman/listinfo/fulldisclosure
Web Archives & RSS: https://seclists.org/fulldisclosure/