CVE-2021-27825 – This directory traversal vulnerability in Mercu... (How to Fix)

Q: What is the severity of CVE-2021-27825?

CVE-2021-27825 has a CVSS score of 7.5 (HIGH). This directory traversal vulnerability in Mercury MAC1200R routers allows attackers to read arbitrary files on the device by manipulating web-static/ URLs. Attackers can access sensitive configuration files, credentials, or system information without authentication. Only users of Mercury MAC1200R routers are affected.

📋 TL;DR

This directory traversal vulnerability in Mercury MAC1200R routers allows attackers to read arbitrary files on the device by manipulating web-static/ URLs. Attackers can access sensitive configuration files, credentials, or system information without authentication. Only users of Mercury MAC1200R routers are affected.

💻 Affected Systems

Products:

Mercury MAC1200R

Versions: All versions prior to patch (specific patched version unknown)

Operating Systems: Embedded router firmware

Default Config Vulnerable: ⚠️ Yes

Notes: Affects web interface accessible via LAN or WAN. No authentication required for exploitation.

📦 What is this software?

Mac1200r Firmware by Mercurycom

View all CVEs affecting Mac1200r Firmware →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Attackers gain administrative credentials, compromise the router completely, pivot to internal networks, and maintain persistent access.

🟠

Likely Case

Attackers extract configuration files containing admin passwords, Wi-Fi credentials, and network settings to hijack the router.

🟢

If Mitigated

With proper network segmentation and access controls, impact is limited to the router itself without lateral movement.

🌐 Internet-Facing: HIGH

🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ⚠️ Yes

Weaponized: LIKELY

Unauthenticated Exploit: ⚠️ Yes

Complexity: LOW

Simple HTTP request manipulation required. Public exploit code available in Packet Storm references.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Unknown

Vendor Advisory: https://www.mercurycom.com.cn/product-1-1.html

Restart Required: Yes

Instructions:

1. Check vendor website for firmware updates. 2. Download latest firmware. 3. Access router admin interface. 4. Upload and apply firmware update. 5. Reboot router.

🔧 Temporary Workarounds

Disable WAN access to web interface

all

Prevent external exploitation by disabling remote administration

Access router admin panel → Security → Remote Management → Disable

Network segmentation

all

Isolate router management interface to separate VLAN

🧯 If You Can't Patch

Replace affected devices with supported models
Implement strict firewall rules blocking all external access to router web interface

🔍 How to Verify

Check if Vulnerable:

Attempt to access http://[router-ip]/web-static/../../../etc/passwd or similar traversal paths

Check Version:

Check router web interface → System Status → Firmware Version

Verify Fix Applied:

Test same traversal attempts after patching - should return 404 or access denied

📡 Detection & Monitoring

Log Indicators:

HTTP requests containing 'web-static/' with '../' sequences
Access to sensitive system files from web interface

Network Indicators:

Unusual HTTP requests to router IP with directory traversal patterns
Multiple failed access attempts to admin paths

SIEM Query:

http.url:*web-static* AND http.url:*..%2F*

📊 Metadata

CVE ID: CVE-2021-27825

CVSS v3 Score: 7.5 (HIGH)

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

CWE: CWE-22

Published: May 29, 2023

Last Updated: January 14, 2025

🔗 References

http://packetstormsecurity.com/files/171771/MAC-1200R-Directory-Traversal.html Third Party Advisory,VDB Entry
https://www.mercurycom.com.cn/product-1-1.html Product
http://packetstormsecurity.com/files/171771/MAC-1200R-Directory-Traversal.html Third Party Advisory,VDB Entry
https://www.mercurycom.com.cn/product-1-1.html Product

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2021-27825, you might also want to check these: