A critical vulnerability has been discovered in multiple Mercury networking products, including the KM08-708H GiGA WiFi Wave2 router. This flaw allows an unauthenticated remote attacker to send a specially crafted network request to a vulnerable device, potentially leading to a full system compromise. Successful exploitation could allow an attacker to take complete control of the device, intercept network traffic, and launch further attacks against the internal network.

This vulnerability is a stack-based buffer overflow within the HTTP Header Handler component of the device's firmware. An unauthenticated remote attacker can trigger this flaw by sending an HTTP request containing a specially crafted, overly long value in the Host header. The vulnerable component fails to properly validate the length of the Host header input, allowing the attacker to overwrite the program's stack, which can lead to the execution of arbitrary code with the privileges of the device's web server process.

This vulnerability is rated as critical severity with a CVSS score of 9.8. A successful exploit would have a significant business impact, as it could lead to a complete compromise of the affected network device. Potential consequences include the ability for an attacker to eavesdrop on all network traffic, redirect users to malicious websites, disrupt network connectivity, or use the compromised device as a pivot point to attack other critical assets on the internal network. This poses a direct risk to data confidentiality, integrity, and the availability of network services.

Immediate Action: Update affected Mercury products to the latest patched firmware version provided by the vendor immediately. After applying the update, monitor system logs and network traffic for any signs of compromise or further exploitation attempts.

Proactive Monitoring: Implement enhanced monitoring of network traffic to and from affected devices. Specifically, configure network security tools (such as an IDS/IPS or WAF) to alert on and block HTTP requests containing unusually long or malformed Host headers. Monitor device logs for unexpected reboots, high CPU utilization, or unauthorized configuration changes.

Compensating Controls: If patching cannot be performed immediately, implement the following controls to reduce the risk of exploitation:

• Restrict all access to the device's web-based management interface from the internet.
• If remote management is necessary, use a firewall to limit access to a small set of trusted IP addresses.
• Deploy a Web Application Firewall (WAF) in front of the device to filter malicious HTTP traffic.

Public Exploit Available: false

Given the critical severity (CVSS 9.8) of this vulnerability, immediate action is required. Although CVE-2025-10392 is not currently listed on the CISA Known Exploited Vulnerabilities (KEV) catalog, its potential for unauthenticated remote code execution presents a significant risk of full system compromise. We strongly recommend that all affected Mercury devices be identified and patched on a priority basis. If patching is delayed, access to the device's management interface must be restricted from all untrusted networks, and proactive monitoring for exploitation attempts should be implemented without delay.