CVE-2025-10392 is a critical security vulnerability identified in the Mercury KM08-708H GiGA WiFi Wave2 router, specifically version 1.1.14. The flaw exists within the HTTP Header Handler component, where improper handling of the 'Host' argument leads to a stack-based buffer overflow. This vulnerability can be exploited remotely without requiring any authentication or user interaction, making it highly accessible to attackers. The buffer overflow occurs when the attacker crafts a malicious HTTP request with a manipulated Host header, causing the device to overwrite parts of the stack memory. This can lead to arbitrary code execution, potentially allowing an attacker to take full control of the affected device, disrupt network operations, or pivot to other internal systems. The CVSS 4.0 base score of 9.3 reflects the critical nature of this vulnerability, highlighting its high impact on confidentiality, integrity, and availability, combined with ease of exploitation. Although no public exploits have been observed in the wild yet, the exploit code is publicly available, increasing the risk of imminent attacks. The absence of a patch or mitigation from the vendor at the time of publication further exacerbates the threat landscape for users of this device.

For European organizations, the exploitation of this vulnerability could have severe consequences. The Mercury KM08-708H GiGA WiFi Wave2 is used in various enterprise and possibly critical infrastructure networks for wireless connectivity. Successful exploitation could lead to unauthorized access to internal networks, data breaches, disruption of business operations, and potential lateral movement within corporate environments. This is particularly concerning for sectors with high reliance on secure and stable network infrastructure, such as finance, healthcare, government, and telecommunications. The ability to remotely execute code without authentication means attackers can launch attacks at scale, potentially targeting multiple organizations simultaneously. Additionally, compromised routers can be used as entry points for espionage or ransomware campaigns, amplifying the impact on confidentiality and availability of sensitive information and services.

Given the critical nature of CVE-2025-10392 and the lack of an official patch, European organizations should implement immediate compensating controls. These include isolating affected devices from the internet and untrusted networks, restricting management interfaces to trusted IP addresses only, and deploying network-level protections such as Web Application Firewalls (WAFs) or Intrusion Prevention Systems (IPS) configured to detect and block malformed HTTP Host headers. Network segmentation should be enforced to limit the potential spread of an attacker who compromises a device. Monitoring network traffic for unusual patterns or spikes in HTTP requests with suspicious Host headers can provide early detection. Organizations should also engage with the vendor for updates and apply patches as soon as they become available. In parallel, conducting an inventory of all Mercury KM08-708H devices and upgrading firmware to unaffected versions or replacing vulnerable hardware should be prioritized. Finally, incident response plans should be updated to address potential exploitation scenarios related to this vulnerability.