CVE-2025-50401
Published: 16 December 2025
Description
Mercury D196G d196gv1-cn-up_2020-01-09_11.21.44 is vulnerable to Buffer Overflow in the function sub_404CAEDC via the parameter password.
Mitigating Controls (NIST 800-53 r5)AI
Directly remediates the buffer overflow vulnerability in the router firmware by requiring timely patching or replacement of the affected Mercury D196G version.
Prevents exploitation by enforcing strict validation of the password parameter to avoid buffer overflow in sub_404CAEDC.
Mitigates buffer overflow impacts through memory protections like ASLR and DEP, hindering remote code execution even if input validation fails.
Security SummaryAI
CVE-2025-50401 is a buffer overflow vulnerability (CWE-120) in the Mercury D196G router firmware version d196gv1-cn-up_2020-01-09_11.21.44. The flaw occurs in the function sub_404CAEDC when processing the password parameter. Published on 2025-12-16, it carries a CVSS v3.1 base score of 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H), marking it as critical due to its potential for severe impact.
A remote, unauthenticated attacker can exploit this vulnerability over the network with low complexity and no user interaction required. Exploitation enables high-impact compromise, including unauthorized access to confidential data, modification of system integrity, and disruption of availability, likely leading to remote code execution on the affected device.
Proof-of-concept details are available in the GitHub repository at https://github.com/sezangel/IOT-vul/tree/main/Mercury/D196G/1. No vendor advisories or patches are referenced in the CVE information.
Details
- CWE(s)
Affected Products
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
Buffer overflow in router firmware allows remote unauthenticated exploitation of a public-facing application/service, enabling RCE.