CVE-2025-10385

8.8 HIGH

Remote Code Execution Buffer Overflow

📋 TL;DR

A buffer overflow vulnerability in Mercury KM08-708H GiGA WiFi Wave2 routers allows remote attackers to execute arbitrary code by manipulating the ChgUserId parameter. This affects all users of version 1.1 of this specific router model. Successful exploitation could lead to complete system compromise.

💻 Affected Systems

Products:

• Mercury KM08-708H GiGA WiFi Wave2

Versions: 1.1

Operating Systems: Embedded router firmware

Default Config Vulnerable: ⚠️ Yes

Notes: Only affects this specific model and version; other Mercury routers may not be vulnerable.

⚠️ Manual Verification Required

This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.

Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).

🔒 Custom verification scripts are available for registered users. Sign up free to download automated test scripts.

Recommended Actions:

1. Review the CVE details at NVD
2. Check vendor security advisories for your specific version
3. Test if the vulnerability is exploitable in your environment
4. Consider updating to the latest version as a precaution

⚠️ Risk & Real-World Impact

🔴

Worst Case

Remote code execution leading to full router compromise, network traffic interception, credential theft, and lateral movement to connected devices.

🟠

Likely Case

Router takeover allowing attacker to modify network settings, intercept traffic, or use the device as a foothold for further attacks.

🟢

If Mitigated

Limited impact if router is behind firewall with restricted WAN access and proper network segmentation.

🌐 Internet-Facing: HIGH

🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ⚠️ Yes

Weaponized: LIKELY

Unauthenticated Exploit: ⚠️ Yes

Complexity: LOW

Exploit details are publicly available on GitHub, making weaponization likely. Remote exploitation without authentication is possible.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Unknown

Vendor Advisory: Unknown

Restart Required: No

Instructions:

No official patch available. Check vendor website for firmware updates. If unavailable, consider replacement.

🔧 Temporary Workarounds

Network Isolation

all

Place router behind firewall with strict inbound rules and disable WAN administration

Access Restriction

all

Restrict administrative access to specific IP addresses only

🧯 If You Can't Patch

• Replace affected routers with patched or different models
• Implement strict network segmentation to isolate vulnerable routers from critical assets

🔍 How to Verify

Check if Vulnerable:

Copy

Check router web interface or CLI for firmware version. If version is 1.1, device is vulnerable.

Check Version:

Copy

Check router web interface at http://[router-ip]/ or use telnet/ssh if available

Verify Fix Applied:

Copy

Verify firmware version has been updated to a version later than 1.1

📡 Detection & Monitoring

Log Indicators:

• Unusual POST requests to /goform/mcr_setSysAdm with long ChgUserId parameters
• Multiple failed login attempts followed by buffer overflow patterns

Network Indicators:

• Unusual traffic patterns from router IP
• Unexpected outbound connections from router

SIEM Query:

Copy

source="router_logs" AND uri="/goform/mcr_setSysAdm" AND (param_length>100 OR contains(param,"ChgUserId"))

📊 Metadata

CVE ID: CVE-2025-10385

CVSS v3 Score: 8.8 (HIGH)

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CWE: CWE-119

EPSS Score: 0.11% exploit probability (30th percentile)

Published: September 14, 2025

Last Updated: September 15, 2025

🔗 References

• https://github.com/Jjx-wy/kt/blob/main/KT%20KM08-708H.md
• https://vuldb.com/?ctiid.323820
• https://vuldb.com/?id.323820
• https://vuldb.com/?submit.643902

📤 Share & Export

Twitter LinkedIn Reddit Copy Link

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2025-10385, you might also want to check these:

CVE-2024-23613 10.0

A critical buffer overflow vulnerability in Symantec Deployment Solution 7.9 allows remote, unauthen...

Same vulnerability type (CWE-119)

CVE-2024-23615 10.0

A critical buffer overflow vulnerability in Symantec Messaging Gateway allows remote unauthenticated...

Same vulnerability type (CWE-119)

CVE-2026-2776 10.0

This CVE describes a sandbox escape vulnerability in Firefox's Telemetry component due to incorrect ...

Same vulnerability type (CWE-119)