CVE-2025-62771: CWE-352 Cross-Site Request Forgery (CSRF) in Mercku M6a

Severity: High
Published: Wed Oct 22 2025 (10/22/2025, 00:00:00 UTC)
Source: CVE Database V5
Vendor/Project: Mercku
Product: M6a

Description

Mercku M6a devices through 2.1.0 allow password changes via intranet CSRF attacks.

AI-Powered Analysis

Last updated: 10/22/2025, 03:46:40 UTC

Technical Analysis

CVE-2025-62771 is a Cross-Site Request Forgery (CSRF) vulnerability identified in Mercku M6a devices running firmware versions up to 2.1.0. The vulnerability allows an attacker who has access to the same intranet as the device to perform unauthorized password changes without requiring authentication or user interaction. CSRF attacks exploit the trust a device places in a user's browser or network context, enabling malicious commands to be executed on the device by tricking it into accepting forged requests. In this case, the Mercku M6a device's web interface lacks sufficient CSRF protections, such as anti-CSRF tokens or proper validation of request origins, allowing attackers to send crafted HTTP requests that change the device password. The CVSS v3.1 score of 7.5 reflects a high severity due to the significant impact on confidentiality, integrity, and availability (all rated high), despite the attack vector being local network (AV:A) and requiring high attack complexity (AC:H). No privileges or user interaction are needed, which increases the risk once an attacker gains intranet access. Although no exploits have been reported in the wild, the vulnerability poses a serious threat to network security, as password changes can lock out legitimate users and enable persistent unauthorized access. The lack of available patches necessitates immediate mitigation through network controls and monitoring.
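The analysis names two protections the M6a web interface lacks, origin validation and an anti-CSRF token. The following is an added example (not Mercku firmware code) that places the accept-anything behaviour the advisory describes beside a handler applying both checks; the endpoint path, header names, LAN addresses and session layout are assumptions.

```python
# Added example, not Mercku firmware code: the two CSRF protections the analysis says
# the M6a web interface lacks, placed beside the behaviour the advisory describes.
# The endpoint path, header names, LAN addresses and session layout are assumptions.
import hmac
import secrets
from dataclasses import dataclass, field
from urllib.parse import urlsplit

DEVICE_ORIGINS = {"http://192.168.1.1", "http://router.local"}  # assumed device origins

@dataclass
class Session:
    # Per-login session; the token is minted when the admin authenticates.
    csrf_token: str = field(default_factory=lambda: secrets.token_urlsafe(32))

@dataclass
class Request:
    method: str
    path: str
    headers: dict
    form: dict

def origin_allowed(headers):
    """Accept only requests whose Origin (or, failing that, Referer) is the device."""
    origin = headers.get("Origin")
    if origin is None:
        referer = headers.get("Referer")
        if referer is None:
            return False  # a browser form POST carries at least one of the two
        parts = urlsplit(referer)
        origin = f"{parts.scheme}://{parts.netloc}"
    return origin in DEVICE_ORIGINS

def token_valid(session, form):
    """Synchronizer token: the form must echo the secret bound to this session."""
    supplied = form.get("csrf_token", "")
    return hmac.compare_digest(supplied.encode(), session.csrf_token.encode())

def change_password_unprotected(session, req):
    """What the advisory describes: any POST carrying a new password is accepted."""
    return req.method == "POST" and "new_password" in req.form

def change_password_protected(session, req):
    """Hardened handler: origin check and token check must both pass."""
    if req.method != "POST" or not origin_allowed(req.headers):
        return False
    if not token_valid(session, req.form):
        return False
    return "new_password" in req.form
```

A request submitted from a page on another origin fails the origin check and, because the attacker's page cannot read the session's token, also fails the token check, while the same request from the device's own admin page passes both.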

Potential Impact

For European organizations, this vulnerability could lead to unauthorized control over Mercku M6a devices, potentially disrupting network operations and compromising sensitive data. Password changes without authorization can result in denial of service by locking out administrators or enable attackers to maintain persistent access for further exploitation. Organizations relying on these devices for critical network infrastructure or in environments with sensitive data are at heightened risk. The requirement for intranet access limits remote exploitation but does not eliminate risk, especially in environments with weak internal network segmentation or compromised endpoints. The impact extends to confidentiality breaches, integrity violations, and availability disruptions, which could affect business continuity and compliance with data protection regulations such as GDPR. Additionally, the absence of patches increases the window of exposure, necessitating proactive defensive measures.

Mitigation Recommendations

1. Implement strict network segmentation to isolate Mercku M6a devices from general user networks, limiting intranet access only to trusted administrators and systems.
2. Employ network access controls such as 802.1X authentication and VLANs to restrict unauthorized devices from connecting to the intranet segment hosting the Mercku devices.
3. Monitor network traffic for unusual HTTP requests targeting the device's management interface, particularly POST requests that could indicate CSRF attempts.
4. Disable or restrict web management interfaces on Mercku M6a devices if not required, or restrict access to management interfaces via IP whitelisting.
5. Educate network administrators about the vulnerability and the risks of intranet-based attacks to ensure vigilance.
6. Regularly check for firmware updates or vendor advisories and apply patches promptly once available.
7. Consider deploying web application firewalls or intrusion detection systems capable of detecting CSRF patterns within the local network.
8. Maintain strong endpoint security to prevent intranet devices from being compromised and used as attack vectors.
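Recommendations 3 and 4 above can be combined into a log-side check: flag POST requests to the management interface that come from a host outside the administrator allowlist or whose Referer is not the router itself. This is an added example, not vendor tooling; the log format, management path prefix, addresses and log lines are constructed for illustration.

```python
# Added example, not vendor tooling: flags management-interface POSTs whose source is
# outside the admin allowlist or whose Referer is not the device. The log format,
# path prefix, addresses and sample lines are constructed for this example.
import re
from urllib.parse import urlsplit

ADMIN_HOSTS = {"192.168.1.10"}                  # assumed management workstation(s)
DEVICE_HOSTS = {"192.168.1.1", "router.local"}  # assumed addresses of the router
MGMT_PATHS = re.compile(r"^/cgi-bin/")           # assumed management interface prefix

# Combined log format with a Referer field (constructed layout).
LOG_RE = re.compile(
    r'^(?P<src>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" '
    r'(?P<status>\d{3}) (?P<size>\S+) "(?P<referer>[^"]*)"'
)

def referer_is_device(referer):
    """True when the Referer names the router itself (the only page that should post here)."""
    host = urlsplit(referer).hostname if referer and referer != "-" else None
    return host in DEVICE_HOSTS

def analyse(lines):
    """Return (timestamp, source, path, reason) for each suspicious management POST."""
    alerts = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m or m["method"] != "POST" or not MGMT_PATHS.match(m["path"]):
            continue
        reasons = []
        if m["src"] not in ADMIN_HOSTS:
            reasons.append("source not in admin allowlist")
        if not referer_is_device(m["referer"]):
            reasons.append("referer not the device")
        if reasons:
            alerts.append((m["ts"], m["src"], m["path"], "; ".join(reasons)))
    return alerts

SAMPLE_LOG = [  # constructed lines, not captured traffic
    '192.168.1.10 - - [22/Oct/2025:03:40:01 +0000] "GET /cgi-bin/status HTTP/1.1" 200 512 "http://192.168.1.1/index.html"',
    '192.168.1.10 - - [22/Oct/2025:03:41:12 +0000] "POST /cgi-bin/set_password HTTP/1.1" 200 88 "http://192.168.1.1/admin.html"',
    '192.168.1.23 - - [22/Oct/2025:03:46:40 +0000] "POST /cgi-bin/set_password HTTP/1.1" 200 88 "http://ads.example/landing.html"',
    '192.168.1.23 - - [22/Oct/2025:03:46:41 +0000] "GET /style.css HTTP/1.1" 200 2048 "http://192.168.1.1/index.html"',
]

if __name__ == "__main__":
    for alert in analyse(SAMPLE_LOG):
        print(*alert)
```

Only the third line is reported: a password-change POST from a non-admin host referred by an external page, the pattern a cross-site forged request leaves in the device's access log.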


Technical Details

Data Version
5.1
Assigner Short Name
mitre
Date Reserved
2025-10-22T00:00:00.000Z
Cvss Version
3.1
State
PUBLISHED

Threat ID: 68f8501287e9a014511a9009

Added to database: 10/22/2025, 3:31:30 AM

Last enriched: 10/22/2025, 3:46:40 AM

Last updated: 10/23/2025, 5:04:27 PM