CVE-2025-62771: CWE-352 Cross-Site Request Forgery (CSRF) in Mercku M6a
Mercku M6a devices through 2.1.0 allow password changes via intranet CSRF attacks.
AI Analysis
Technical Summary
CVE-2025-62771 is a Cross-Site Request Forgery (CSRF) vulnerability classified under CWE-352 that affects Mercku M6a networking devices running firmware versions up to 2.1.0. The vulnerability allows an attacker who can send requests within the local network (intranet) to change the device's password without requiring any authentication or user interaction. CSRF attacks exploit the trust a device places in a user's browser or network session, enabling unauthorized commands to be executed. In this case, the Mercku M6a device fails to properly validate the origin or authenticity of password change requests, allowing an attacker to craft malicious requests that the device accepts as legitimate. The CVSS v3.1 score of 7.5 (AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H) indicates that the attack vector is adjacent network (intranet), requires high attack complexity, no privileges or user interaction, and impacts confidentiality, integrity, and availability at a high level. The vulnerability could lead to complete takeover of the device by changing the password, potentially disrupting network operations or enabling further attacks. No patches or exploits are currently documented, but the risk remains significant due to the nature of the flaw and the critical role of such devices in network infrastructure.
Potential Impact
For European organizations, this vulnerability poses a significant risk to network security and operational continuity. Mercku M6a devices are typically used in small to medium enterprise environments and possibly in critical infrastructure segments. An attacker exploiting this vulnerability could gain unauthorized administrative access by changing device passwords, leading to potential network disruption, interception of sensitive data, or pivoting to other internal systems. Confidentiality is compromised as attackers could manipulate device settings or capture traffic. Integrity is affected through unauthorized configuration changes, and availability could be impacted if devices are locked out or misconfigured. The vulnerability is particularly concerning in environments with lax intranet access controls or where devices are exposed to untrusted internal users or compromised endpoints. European organizations with dense deployments of Mercku devices, or those in sectors like finance, healthcare, or government, should consider this a high-priority threat.
Mitigation Recommendations
1. Immediately restrict access to the Mercku M6a device management interface to trusted network segments only, using VLANs or firewall rules to isolate the device from general intranet access.
2. Implement network segmentation to separate critical network devices from user workstations and guest networks, reducing the attack surface.
3. Monitor network traffic for unusual POST requests or configuration changes targeting Mercku devices, employing intrusion detection systems with custom signatures if possible.
4. Enforce strong internal network security policies, including endpoint security to prevent compromised devices from launching CSRF attacks.
5. Contact Mercku support for firmware updates or patches addressing this vulnerability and apply them promptly once available.
6. If patches are unavailable, consider deploying compensating controls such as disabling remote management features or using VPNs with strict authentication for device access.
7. Educate network administrators about the risks of CSRF and ensure secure management practices are followed.
8. Regularly audit device configurations and access logs to detect unauthorized changes early.
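As an added illustration (not code from Mercku or from this advisory) of the request validation the technical summary says is missing, the following Python function accepts a password-change POST only when its Origin header (or, failing that, Referer) matches the management interface's own origin and the form carries a session-bound anti-CSRF token. The management address, header handling and form field name are assumptions; the page does not give the device's endpoint or request format.

```python
import hmac
from typing import Mapping, Optional
from urllib.parse import urlsplit

# Assumptions for this example: the management UI is served from this origin
# and the anti-CSRF token travels in this form field. The real Mercku M6a
# address and field names are not given on the page; these are placeholders.
MANAGEMENT_ORIGIN = "http://192.168.0.1"
CSRF_FIELD = "csrf_token"


def _origin_of(url: str) -> Optional[str]:
    """Reduce a URL to scheme://host[:port]; None if it has no scheme/host
    (this also covers the literal Origin value "null")."""
    parts = urlsplit(url)
    if not parts.scheme or not parts.netloc:
        return None
    return f"{parts.scheme}://{parts.netloc}"


def is_trusted_password_change(headers: Mapping[str, str],
                               form: Mapping[str, str],
                               session_token: str) -> bool:
    """Return True only if a password-change POST is same-origin AND carries
    the caller's session-bound anti-CSRF token.

    Header names are matched case-insensitively. A request with neither an
    Origin nor a Referer header is rejected: a CSRF-prone handler typically
    treats "no origin information" as trusted, which is the CWE-352 gap.
    """
    h = {k.lower(): v for k, v in headers.items()}
    source = h.get("origin") or h.get("referer")
    if source is None or _origin_of(source) != MANAGEMENT_ORIGIN:
        return False
    submitted = form.get(CSRF_FIELD, "")
    # Constant-time compare so the token check itself does not leak timing.
    return hmac.compare_digest(submitted, session_token)
```

A firmware-side fix of this shape addresses the root cause; the network-level controls in the list above remain useful compensating measures while no patch is available.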
Affected Countries
Germany, France, United Kingdom, Netherlands, Belgium, Sweden, Italy, Spain
Technical Details
- Data Version: 5.1
- Assigner Short Name: mitre
- Date Reserved: 2025-10-22T00:00:00.000Z
- CVSS Version: 3.1
- State: PUBLISHED
Threat ID: 68f8501287e9a014511a9009
Added to database: 10/22/2025, 3:31:30 AM
Last enriched: 10/29/2025, 4:38:47 AM
Last updated: 12/7/2025, 2:17:08 PM