← back
CVE-2021-23241

CVE-2021-23241

23Vexday Risk Score

Patch soon. It has a working public exploit.

ssvc Attendepss 13%
exploitation probability
13%top 4% of all CVEs
observed exploitation
nono source reports it
MERCUSYS Mercury X18G 1.0.5 devices allow Directory Traversal via ../ in conjunction with a loginLess or login.htm URI (for authentication bypass) to the web server, as demonstrated by the /loginLess/../../etc/passwd URI.
Affected products
n/a · n/a