virus logo Intrusion Prevention

Mercury.Devices.pptp_server.Command.Injection

description-logoDescription

This indicates an attack attempt to exploit a Command Injection vulnerability in Mercury Router.
The vulnerability is due to insufficient sanitizing of user-supplied inputs in the application. An attacker may be able to exploit this to execute arbitrary commands within the context of the system.

affected-products-logoAffected Products

Mercury MER1200 version 1.0.1
Mercury MER1200G version 1.0.1

Impact logoImpact

System Compromise: Remote attackers can gain control of vulnerable systems.

recomended-action-logoRecommended Actions

Currently we are unaware of any vendor supplied patch or updates available for this issue.

Coverage

IPS (Regular DB)
IPS (Extended DB)

Version Updates

Date Version Status Detail
2024-07-23 28.831
Modified
 Name:Mercury.
Router.
pptp_server.
Command.
Injection:Mercury.
Devices.
pptp_server.
Command.
Injection
2024-05-16 27.789
Modified
 Default_action:pass:drop
2024-05-01 27.778
New

References

https://github.com/MrRtcl/CVE_Apply/blob/master/Mercury/Mercury%20MER1200%20Router%20v1.0.1%20RCE%20%20.md
ID 55577
Created Apr 23, 2024
Updated Jul 22, 2024
CVE ID
Risk black-background-circle-icon black-background-circle-icon black-background-circle-icon black-background-circle-icon black-background-circle-icon
Exploit Prediction Score 14.44%
Default Action drop
Active
Affected OS Other
Affected App Other
Profile Type OS Command Injection