CVE-2023-46518

9.8 CRITICAL

📋 TL;DR

Mercury A15 V1.0 firmware version 20230818_1.0.3 contains a command execution vulnerability in the cloudDeviceTokenSuccCB component that allows remote attackers to execute arbitrary commands on affected devices. This affects Mercury A15 routers running the vulnerable firmware version. Attackers can potentially gain full control of the device.

💻 Affected Systems

Products:
  • Mercury A15 V1.0 router
Versions: Firmware version 20230818_1.0.3
Operating Systems: Embedded Linux firmware
Default Config Vulnerable: ⚠️ Yes
Notes: Specifically affects the cloudDeviceTokenSuccCB component in the specified firmware version.

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete device compromise leading to network infiltration, data exfiltration, ransomware deployment, or use as a botnet node.

🟠

Likely Case

Remote code execution allowing device takeover, credential theft, and lateral movement within the network.

🟢

If Mitigated

Limited impact if device is behind strict firewall rules, not internet-facing, and network segmentation is implemented.

🌐 Internet-Facing: HIGH - a 9.8 score corresponds to the CVSS v3 vector AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H: reachable over the network, low complexity, no privileges and no user interaction required, with full loss of confidentiality, integrity and availability.
🏢 Internal Only: HIGH - an attacker with any network path to the device (a compromised LAN host, a guest Wi-Fi client) can take over the router and pivot from it.

🎯 Exploit Status

Public PoC: ⚠️ Yes (technical write-up in a public GitHub repository)
Weaponized: Not confirmed
Unauthenticated Exploit: ⚠️ Yes (PR:N in the CVSS vector)
Complexity: LOW (AC:L in the CVSS vector)

The CVE record references a public GitHub repository with technical details; whether it contains a working exploit rather than a description has not been verified here. The CVSS vector (no privileges, no user interaction, low attack complexity) is the basis for the "unauthenticated" and "low complexity" ratings above, not an observed attack.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Check vendor website for latest firmware

Vendor Advisory: https://service.mercurycom.com.cn/download-2341.html

Restart Required: Yes

Instructions:

1. Visit the Mercury support website (link above).
2. Download the latest firmware for the A15 V1.0 hardware revision.
3. Log into the router admin interface.
4. Navigate to the firmware upgrade section.
5. Upload and apply the new firmware.
6. Reboot the router and confirm the reported firmware version changed.

🔧 Temporary Workarounds

Disable cloud services

Platform: all

Disable the cloud connectivity (remote management / app binding) features that exercise the vulnerable component. The component name, cloudDeviceTokenSuccCB, points at the cloud device-token handling path, so this is the workaround most directly tied to the flaw.

Check the router admin interface for a cloud service toggle.

Network isolation

Platform: linux

Place the device behind a firewall that blocks external access to its management interfaces. The rules below are for a Linux gateway; iptables takes a single port in --dport, so multiple ports need the multiport match. Blocking on an unqualified INPUT chain would also lock out LAN-side administration, hence the interface restriction.

# Linux gateway in front of the router: $WAN = upstream interface, $ROUTER = A15 address (placeholders)
iptables -A FORWARD -i "$WAN" -d "$ROUTER" -p tcp -m multiport --dports 80,443,8080,8443 -j DROP
# Equivalent on-device rule if the router exposes a shell (INPUT chain, WAN interface only)
iptables -A INPUT -i "$WAN" -p tcp -m multiport --dports 80,443,8080,8443 -j DROP

Caveat: the advisory does not describe the trigger path. If the callback is reached through the router's own outbound cloud session rather than an inbound request, inbound filtering alone does not remove the trigger; combine it with the cloud-service toggle above and with egress filtering of the router's traffic.

🧯 If You Can't Patch

  • Isolate device in separate VLAN with strict firewall rules
  • Implement network monitoring for unusual outbound connections

🔍 How to Verify

Check if Vulnerable:

Read the firmware version in the router admin interface under System Status or Firmware Information and compare it with 20230818_1.0.3.

Check Version:

The web interface is the authoritative source. `cat /proc/version` on a shell (if one is enabled at all) reports only the Linux kernel build string, not the Mercury firmware version, so it does not answer the question; `show version` is not a command these devices are known to provide.

Verify Fix Applied:

After the update, confirm the firmware version shown in the admin interface is newer than 20230818_1.0.3 and that the vendor's release notes for that build mention the fix; a newer build number alone does not prove the change is included.
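A small helper for the version comparison above, added here as an example and not code from Mercury or from the CVE reporter. It assumes the build string takes the form the advisory uses, YYYYMMDD_major.minor.patch; the string shown in the router UI may be laid out differently and has to be mapped to that form first. The point of parsing rather than string-comparing is the numeric patch component: a hypothetical 20230818_1.0.10 sorts below 20230818_1.0.3 as text but is newer.

```python
"""Classify a Mercury A15 V1.0 firmware build string against CVE-2023-46518."""
import re

VULNERABLE = "20230818_1.0.3"  # the one build the advisory names

# Assumed layout "YYYYMMDD_major.minor.patch" (matches the advisory's spelling;
# not a documented Mercury format).
_PATTERN = re.compile(r"^(\d{8})_(\d+)\.(\d+)\.(\d+)$")


def parse_version(s):
    """Return (build_date, major, minor, patch) as integers so comparison is numeric."""
    m = _PATTERN.match(s.strip())
    if not m:
        raise ValueError(f"unrecognised firmware version string: {s!r}")
    build_date, major, minor, patch = m.groups()
    return (int(build_date), int(major), int(minor), int(patch))


def classify(s):
    """'affected'         -> exactly the build named in the advisory
       'older_unverified' -> older than that build; the advisory says nothing about it,
                             so treat it as unpatched until the vendor says otherwise
       'newer'            -> newer build; still confirm the release notes mention the fix
    """
    v, ref = parse_version(s), parse_version(VULNERABLE)
    if v == ref:
        return "affected"
    return "newer" if v > ref else "older_unverified"


if __name__ == "__main__":
    for sample in ["20230818_1.0.3", "20230818_1.0.10", "20231105_1.0.1", "20230601_1.0.2"]:
        print(sample, "->", classify(sample))
```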

📡 Detection & Monitoring

Log Indicators:

  • Consumer routers of this class keep little or no persistent log, so do not expect to see individual command executions; where the admin UI exposes a system log, look for unexpected reboots, configuration changes or administrator logins
  • Unexpected processes on the device (only observable if you have shell access)
  • Cloud binding or device-token events at unusual times, since the component name (cloudDeviceTokenSuccCB) points at the cloud device-token handling path

Network Indicators:

  • Unexpected outbound connections from router
  • Traffic to unknown cloud endpoints
  • Port scanning originating from router

SIEM Query:

The router is unlikely to log the component name, so query flow or firewall logs keyed on the router's address instead (placeholders: the router IP and the cloud endpoints you baselined while the device was known-good):

index=netflow src_ip="<router-ip>" NOT dest_ip IN ("<baselined cloud endpoint>", "<baselined cloud endpoint>")
| stats count, dc(dest_port) AS distinct_ports, values(dest_port) AS ports BY dest_ip
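The network indicators and the query above, implemented offline over flow records, as an added example that is not part of the advisory or of any vendor tooling. It assumes flow export (NetFlow, conntrack, firewall logs) is available as (timestamp, src_ip, dst_ip, dst_port, proto) records; the router address 192.168.1.1, the baselined endpoints in documentation ranges and the sample flows are all constructed. Two rules are applied: egress from the router to a destination/port pair absent from the clean baseline, and many distinct destination ports from the router to one host, which is the "port scanning originating from router" indicator.

```python
"""Flag first-seen egress and internal port scans sourced by the router."""
from collections import defaultdict
from ipaddress import ip_address, ip_network

ROUTER_IP = "192.168.1.1"        # assumed LAN address of the Mercury A15
SCAN_PORT_THRESHOLD = 10         # distinct dst ports to one host before it is called a scan

# Known-good egress learned from a baseline window; placeholder addresses in
# documentation ranges, not Mercury's real cloud endpoints.
BASELINE_EGRESS = {("198.51.100.10", 443), ("198.51.100.11", 123)}

# RFC 1918 space; LAN targets are judged by the scan rule, public targets by the baseline rule.
_LAN_NETS = [ip_network("10.0.0.0/8"), ip_network("172.16.0.0/12"), ip_network("192.168.0.0/16")]

# Constructed sample flows: (epoch seconds, src_ip, dst_ip, dst_port, proto)
SAMPLE_FLOWS = [
    (1700000000, "192.168.1.1", "198.51.100.10", 443, "tcp"),   # baseline cloud endpoint
    (1700000001, "192.168.1.1", "198.51.100.11", 123, "udp"),   # baseline NTP
    (1700000030, "192.168.1.1", "198.51.100.10", 443, "tcp"),
    (1700000060, "192.168.1.1", "203.0.113.7", 4444, "tcp"),    # never baselined: reverse shell?
    (1700000061, "192.168.1.1", "203.0.113.7", 4444, "tcp"),    # repeat, reported once
    (1700000062, "192.168.1.20", "203.0.113.9", 443, "tcp"),    # a LAN client, out of scope
] + [
    (1700000100 + i, "192.168.1.1", "192.168.1.50", p, "tcp")   # router sweeping a LAN host
    for i, p in enumerate([21, 22, 23, 25, 80, 110, 135, 139, 445, 3389])
]


def is_lan(ip):
    """True for RFC 1918 addresses."""
    addr = ip_address(ip)
    return any(addr in net for net in _LAN_NETS)


def analyze(flows, router_ip=ROUTER_IP, baseline=BASELINE_EGRESS,
            scan_threshold=SCAN_PORT_THRESHOLD):
    """Return (indicator, dst_ip, detail) tuples for flows whose source is the router."""
    findings = []
    reported = set()
    ports_by_dst = defaultdict(set)
    for _ts, src, dst, dport, _proto in sorted(flows):
        if src != router_ip:
            continue
        ports_by_dst[dst].add(dport)
        # Rule 1: egress to a public destination/port pair missing from the clean baseline
        if not is_lan(dst) and (dst, dport) not in baseline and (dst, dport) not in reported:
            reported.add((dst, dport))
            findings.append(("new_destination", dst, dport))
    # Rule 2: the router itself touching many distinct ports on one host
    for dst, ports in ports_by_dst.items():
        if len(ports) >= scan_threshold:
            findings.append(("port_scan", dst, len(ports)))
    return findings


if __name__ == "__main__":
    for finding in analyze(SAMPLE_FLOWS):
        print(*finding)
```

The baseline set is the part that needs care in practice: build it from a capture taken while the device is on a trusted network with cloud features in their intended state, and rebuild it after a firmware update, since the vendor's cloud endpoints can change between builds.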
