CVE-2025-62773: CWE-912 Hidden Functionality in Mercku M6a
Mercku M6a devices through 2.1.0 allow TELNET sessions via a router.telnet.enabled.update request by an administrator.
AI Analysis
Technical Summary
CVE-2025-62773 identifies a hidden functionality vulnerability (CWE-912) in Mercku M6a routers up to firmware version 2.1.0. The vulnerability allows an administrator to enable TELNET sessions on the device by sending a specific router.telnet.enabled.update request. TELNET is an insecure protocol that transmits data in plaintext, making it susceptible to interception and credential theft. Although the vulnerability requires administrator-level privileges to exploit, the presence of this hidden functionality increases the attack surface by enabling TELNET access that might otherwise be disabled. This could facilitate lateral movement or unauthorized configuration changes if an attacker obtains administrative credentials. The CVSS 3.1 vector (AV:A/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N) indicates that the attack requires adjacent network access, low complexity, and high privileges, with no user interaction needed. The impact is limited to integrity, as unauthorized changes could be made, but confidentiality and availability are not directly affected. No known exploits have been reported, and no patches have been published yet. The vulnerability highlights the risk of undocumented or hidden features in network devices that can be leveraged by attackers with elevated access.
Potential Impact
For European organizations, the impact of CVE-2025-62773 is primarily related to the potential misuse of administrative access to enable insecure TELNET sessions on Mercku M6a routers. While the vulnerability itself does not allow remote unauthenticated attackers to gain access, if administrator credentials are compromised through other means (phishing, credential reuse, insider threat), attackers could enable TELNET and perform unauthorized configuration changes. This could undermine network integrity and potentially facilitate further attacks within the internal network. Sectors such as telecommunications, critical infrastructure, and enterprises relying on Mercku M6a devices for network connectivity may face increased risk. The use of TELNET could also expose sensitive administrative credentials if network traffic is intercepted. However, the low CVSS score and requirement for high privileges limit the overall risk. Organizations with strong administrative access controls and network segmentation will be less affected.
Mitigation Recommendations
1. Immediately audit and monitor administrative access to Mercku M6a devices to detect any unusual or unauthorized configuration changes, especially those enabling TELNET.
2. Disable TELNET access on all Mercku M6a routers unless explicitly required for legacy reasons; prefer secure management protocols such as SSH.
3. Enforce strong, unique administrator credentials and implement multi-factor authentication (MFA) for device management interfaces to reduce the risk of credential compromise.
4. Segment management networks to restrict access to router administration only to trusted personnel and systems.
5. Regularly review router firmware updates from Mercku and apply patches promptly once available to address this and other vulnerabilities.
6. Employ network intrusion detection systems (NIDS) to monitor for TELNET traffic or unusual administrative commands.
7. Conduct periodic security assessments of network devices to identify hidden or undocumented functionalities that could pose risks.
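Recommendations 1 and 4 amount to watching the admin audit trail for the request named in the advisory and checking where it came from. The following added example (not code from the advisory or from Mercku) does that over a handful of constructed audit lines. The only identifier taken from the page is the request name router.telnet.enabled.update; the log line format, the management subnet 10.10.0.0/24, the router.login method and every sample line are constructed assumptions to be replaced with what your collector actually records.

```python
"""Flag TELNET-enable requests in router admin audit logs.

Added example, not code from the advisory or from Mercku. The request name
router.telnet.enabled.update is taken from the advisory; everything else
(log format, management subnet, sample lines) is constructed for illustration.
"""
import ipaddress
import json
import re
from dataclasses import dataclass
from typing import List, Optional

TELNET_ENABLE_METHOD = "router.telnet.enabled.update"  # request name from the advisory

# Constructed format: "<ISO time> src=<ip> user=<name> method=<request> params=<json>"
LOG_RE = re.compile(
    r"^(?P<ts>\S+) src=(?P<src>\S+) user=(?P<user>\S+) "
    r"method=(?P<method>\S+) params=(?P<params>.*)$"
)

# Hypothetical management subnet (assumption): admin requests from anywhere else are suspect.
MGMT_NET = ipaddress.ip_network("10.10.0.0/24")


@dataclass
class Finding:
    ts: str
    src: str
    user: str
    reason: str


def parse_line(line: str) -> Optional[dict]:
    """Parse one audit line; return None for lines that do not match the format."""
    m = LOG_RE.match(line.strip())
    if m is None:
        return None
    rec = m.groupdict()
    try:
        rec["params"] = json.loads(rec["params"])
    except json.JSONDecodeError:
        rec["params"] = {}  # keep the record even if the parameters are unreadable
    if not isinstance(rec["params"], dict):
        rec["params"] = {}
    return rec


def wants_telnet_enabled(params: dict) -> bool:
    """True when the request asks to turn TELNET on; accepts bool and string forms."""
    return str(params.get("enabled")).lower() in ("true", "1", "on")


def analyze(lines: List[str]) -> List[Finding]:
    """Return one Finding per suspicious aspect of each TELNET-setting request."""
    findings: List[Finding] = []
    for line in lines:
        rec = parse_line(line)
        if rec is None or rec["method"] != TELNET_ENABLE_METHOD:
            continue
        if wants_telnet_enabled(rec["params"]):
            findings.append(Finding(rec["ts"], rec["src"], rec["user"], "telnet enabled"))
        # Any change to the TELNET setting from outside the management network is
        # worth a look, even a disable: it shows admin credentials in use elsewhere.
        try:
            outside = ipaddress.ip_address(rec["src"]) not in MGMT_NET
        except ValueError:
            outside = True  # unparseable source address is itself suspicious
        if outside:
            findings.append(Finding(rec["ts"], rec["src"], rec["user"],
                                    "telnet setting changed from outside management network"))
    return findings


SAMPLE_LOG = [  # constructed sample lines, not real device output
    '2025-10-22T03:31:30Z src=10.10.0.5 user=admin method=router.login params={}',
    '2025-10-22T03:32:01Z src=10.10.0.5 user=admin method=router.telnet.enabled.update params={"enabled": true}',
    '2025-10-22T03:40:12Z src=10.10.0.5 user=admin method=router.telnet.enabled.update params={"enabled": false}',
    '2025-10-22T04:02:44Z src=192.168.1.77 user=admin method=router.telnet.enabled.update params={"enabled": "true"}',
    'garbage line that does not parse',
]

if __name__ == "__main__":
    for f in analyze(SAMPLE_LOG):
        print(f"{f.ts} {f.src} {f.user}: {f.reason}")
```

On the sample lines the script raises three findings: the in-network enable, and two for the enable from 192.168.1.77 (TELNET turned on, and a TELNET change from outside the management subnet). The disable from inside the management network produces nothing, and the unparseable line is skipped rather than aborting the run. Recommendation 6 (NIDS for TELNET traffic) complements this: the audit log shows who asked for TELNET, the network sensor shows whether anyone is actually using port 23 afterwards.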
Affected Countries
Germany, France, United Kingdom, Netherlands, Belgium, Sweden
Technical Details
- Data Version: 5.1
- Assigner Short Name: mitre
- Date Reserved: 2025-10-22T00:00:00.000Z
- CVSS Version: 3.1
- State: PUBLISHED
Threat ID: 68f8501287e9a014511a9011
Added to database: 10/22/2025, 3:31:30 AM
Last enriched: 10/22/2025, 3:47:07 AM
Last updated: 10/23/2025, 8:21:39 PM