CVE-2025-62775
📋 TL;DR
Mercku M6a devices allow root TELNET logins using the web admin password, enabling attackers to gain full administrative control. This affects Mercku M6a devices running firmware up to version 2.1.0. Attackers can exploit this to compromise the device and potentially pivot to internal networks.
💻 Affected Systems
- Mercku M6a
⚠️ Manual Verification Required
This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.
Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).
- Review the CVE details at NVD
- Check vendor security advisories for your specific version
- Test if the vulnerability is exploitable in your environment
- Consider updating to the latest version as a precaution
⚠️ Risk & Real-World Impact
Worst Case
Complete device takeover leading to network pivoting, data interception, malware deployment, and persistent backdoor installation.
Likely Case
Unauthorized root access allowing configuration changes, network traffic monitoring, and credential harvesting from connected devices.
If Mitigated
Limited impact if TELNET is disabled, strong passwords are used, and network segmentation isolates the device.
🎯 Exploit Status
Exploitation requires the web admin password but uses a simple TELNET authentication bypass. Public disclosure includes technical details.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Unknown
Vendor Advisory: Not available
Restart Required: No
Instructions:
No official patch is available. Check the Mercku website for firmware updates beyond version 2.1.0.
🔧 Temporary Workarounds
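Disable TELNET service
Platform: linux
Completely disable TELNET access to prevent exploitation
telnetd -l /bin/login
Note that this command invokes telnetd (in BusyBox, -l sets the program run on connect) rather than stopping it; disabling TELNET means stopping the running telnetd and keeping it from starting at boot.
Change web admin password
Platform: all
Use a strong, unique password for the web admin interface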
🧯 If You Can't Patch
- Disable TELNET service completely
- Implement network segmentation to isolate Mercku devices
- Monitor for TELNET connection attempts
🔍 How to Verify
Check if Vulnerable:
Attempt TELNET login as root using web admin password: telnet [device_ip]
Check Version:
Check web interface or use nmap to identify firmware version
Verify Fix Applied:
Verify TELNET service is disabled or requires different credentials than web admin password
📡 Detection & Monitoring
Log Indicators:
- Failed/successful TELNET authentication attempts
- Root login via TELNET
- Multiple authentication attempts from single source
Network Indicators:
- TELNET traffic to Mercku devices
- Unusual outbound connections from Mercku devices
- Port 23 traffic
SIEM Query:
source_ip="Mercku_device" AND (protocol="TELNET" OR port=23) AND (event_type="authentication" OR user="root")
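The log and network indicators listed above can be evaluated together over collected records. The following Python code is an added example, not part of the original advisory or of any vendor tooling; the key=value log layout, the field names, the IP addresses and the `detect` function are assumptions constructed for illustration.

```python
import re
from collections import Counter

# Constructed sample records; the key=value layout and field names are assumptions.
SAMPLE_LOG = """\
ts=2025-01-10T02:14:01Z src=192.0.2.50 dst=10.0.0.1 dport=23 event=auth user=root result=fail
ts=2025-01-10T02:14:05Z src=192.0.2.50 dst=10.0.0.1 dport=23 event=auth user=root result=fail
ts=2025-01-10T02:14:09Z src=192.0.2.50 dst=10.0.0.1 dport=23 event=auth user=root result=success
ts=2025-01-10T02:20:00Z src=10.0.0.20 dst=10.0.0.1 dport=443 event=conn user=- result=-
ts=2025-01-10T02:31:44Z src=10.0.0.1 dst=198.51.100.7 dport=8080 event=conn user=- result=-
"""

KV = re.compile(r"(\w+)=(\S+)")

def parse(line):
    """Turn one key=value record into a dict; dport becomes an int."""
    rec = dict(KV.findall(line))
    rec["dport"] = int(rec.get("dport", 0))
    return rec

def detect(log_text, devices, allowed_outbound=(), threshold=3):
    """Return a sorted list of (rule, src, dst) alerts for the indicators above."""
    alerts, attempts = set(), Counter()
    for rec in map(parse, filter(None, log_text.splitlines())):
        src, dst = rec.get("src"), rec.get("dst")
        if dst in devices and rec["dport"] == 23:
            # Network indicator: any TELNET (port 23) traffic to a Mercku device.
            alerts.add(("telnet_to_device", src, dst))
            if rec.get("event") == "auth":
                attempts[(src, dst)] += 1
                # Log indicator: successful root login via TELNET.
                if rec.get("user") == "root" and rec.get("result") == "success":
                    alerts.add(("root_telnet_login", src, dst))
        elif src in devices and dst not in devices and dst not in allowed_outbound:
            # Network indicator: outbound connection from the device to an unlisted host.
            alerts.add(("unusual_outbound", src, dst))
    # Log indicator: multiple authentication attempts from a single source.
    for (src, dst), count in attempts.items():
        if count >= threshold:
            alerts.add(("repeated_telnet_auth", src, dst))
    return sorted(alerts)

if __name__ == "__main__":
    for alert in detect(SAMPLE_LOG, devices={"10.0.0.1"}):
        print(alert)
```

Pass the management addresses of the Mercku devices as `devices` and any expected update or NTP hosts as `allowed_outbound`.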