A high-severity vulnerability has been discovered in the Mercury KM08-708H GiGA WiFi Wave2 router. An unauthenticated attacker with network access to the device's management interface can remotely execute arbitrary commands, gaining complete control over the device. Successful exploitation could lead to network traffic interception, data theft, and using the compromised router to attack other internal systems.

The vulnerability is a pre-authentication command injection flaw within the device's web management interface. The flaw exists due to insufficient sanitization of user-supplied input in a specific API endpoint. An unauthenticated attacker can exploit this by sending a specially crafted HTTP request containing arbitrary operating system commands, which are then executed on the device with root-level privileges.

This vulnerability is rated as High severity with a CVSS score of 8.8. Successful exploitation grants a remote, unauthenticated attacker complete administrative control over the affected network device. The potential business impact is significant, including the compromise of network integrity and data confidentiality. Specific risks include the ability for an attacker to monitor, redirect, or alter all network traffic, gain a foothold to pivot into the internal corporate network, disrupt internet connectivity for all users, or enroll the device into a botnet for use in larger-scale attacks.

Immediate Action: Apply vendor-provided security updates immediately to all affected devices to patch the vulnerability. Before and after patching, it is critical to monitor for any signs of exploitation attempts and thoroughly review system and access logs for indicators of compromise.

Proactive Monitoring: Monitor web server access logs on the device for unusual or malformed requests, particularly those containing shell metacharacters (e.g., ;, |, &&, $()). Network traffic should be monitored for unexpected outbound connections from the router, especially to known malicious IP addresses or command-and-control (C2) servers. Unexplained configuration changes or device reboots should be investigated immediately.

Compensating Controls: If patching cannot be performed immediately, implement the following controls to reduce the risk of exploitation:

• Disable remote (WAN-side) administration of the device.
• Use a firewall to restrict access to the device's web management interface, allowing connections only from a dedicated, trusted management network or specific trusted IP addresses.

Public Exploit Available: false

Due to the High severity (CVSS 8.8) of this vulnerability, which allows for unauthenticated remote code execution, immediate action is required. The primary recommendation is to apply the vendor-supplied patches to all affected Mercury WiFi routers without delay. If patching is not immediately possible, the compensating controls outlined above, particularly restricting all access to the device's management interface, must be implemented as a temporary measure. While this vulnerability is not currently listed on the CISA KEV catalog, its characteristics make it a prime candidate for future inclusion and widespread exploitation.