CVE-2025-65288

MEDIUM

Mercurycom Mr816 Firmware - Buffer Overflow

Title source: rule

Description

A buffer overflow in the Mercury MR816v2 (081C3114 4.8.7 Build 110427 Rel 36550n) occurs when the device accepts and stores excessively long hostnames from LAN hosts without proper length validation. The affected code performs unchecked copies/concatenations into fixed-size buffers. A crafted long hostname can overflow the buffer, cause a crash (DoS) and potentially enabling remote code execution.

References (1)

[Exploit, Third Party Advisory] https://damiri.fr/en/cve/CVE-2025-65288

Scores

CVSS v3 6.5

EPSS 0.0009

EPSS Percentile 25.0%

Attack Vector ADJACENT_NETWORK

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Classification

CWE

CWE-120

Status published

Affected Products (1)

mercurycom/mr816_firmware

Timeline

Published Dec 09, 2025

Tracked Since Feb 18, 2026