Primary

Context

Mercury D196G Buffer Overflow Vulnerability in fac_password Parameter

Vulnerability

A buffer overflow vulnerability has been identified in the Mercury D196G device, specifically in the firmware version d196gv1-cn-up_2020-01-09_11.21.44. The issue arises in the function sub_404CAEDC, where the parameter fac_password is handled without proper validation. This vulnerability can be exploited by sending a crafted HTTP request, leading to a denial-of-service condition where the device crashes.

Impact

Exploitation of this vulnerability causes the device to crash, creating a denial-of-service condition.

Reproduction

The vulnerability can be reproduced by sending a POST request to the device's web interface. The request must include a JSON payload that specifies a password for the 'fac_password' parameter, deliberately crafted to overflow the buffer. This can be done using a Python script that utilizes the 'requests' library to automate the process.

Added: Dec 16, 2025, 5:48 PM

Updated: Dec 16, 2025, 5:48 PM

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

2.5

exploitability

8.7

remediation

0.0

relevance

1.4

threat

6.4

urgency

2.9

incentive

5.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

2.5

exploitability

8.7

remediation

0.0

relevance

1.4

threat

6.4

urgency

2.9

incentive

5.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Mercury D196G Buffer Overflow Vulnerability in fac_password Parameter

Vulnerability

Impact

Reproduction

Affected Products

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating