CVE-2025-62775: CWE-669 Incorrect Resource Transfer Between Spheres in Mercku M6a
Mercku M6a devices through 2.1.0 allow root TELNET logins via the web admin password.
AI Analysis
Technical Summary
CVE-2025-62775 is a vulnerability identified in Mercku M6a devices running firmware versions up to 2.1.0. The core issue is related to CWE-669, which involves incorrect resource transfer between security spheres, leading to a security boundary bypass. Specifically, the vulnerability allows an attacker with network access and low privileges to authenticate using the web administration password and gain root-level access via TELNET. This means that the TELNET service on the device accepts the web admin password for root login, which is a critical security flaw because TELNET is an unencrypted protocol, exposing credentials and session data to interception. The CVSS v3.1 score is 8.0, reflecting high severity due to the combination of an adjacent-network attack vector (AV:A), low attack complexity (AC:L), low privileges required (PR:L), no user interaction (UI:N), unchanged scope (S:U), and high impact on confidentiality, integrity, and availability (C:H/I:H/A:H). The vulnerability allows full control over the device, enabling attackers to manipulate device settings, intercept or redirect traffic, or disrupt network availability. No patches or updates have been published yet, and no known exploits are reported in the wild, but the risk remains significant given the ease of exploitation and potential impact. The vulnerability affects all versions up to 2.1.0; the affectedVersions field indicates '0', which likely means all current versions at the time of disclosure. The root cause is improper handling of authentication credentials across different security domains within the device's firmware, allowing TELNET root login using the web admin password.
Potential Impact
For European organizations, this vulnerability poses a serious risk to network security and operational continuity. Mercku M6a devices are typically used as wireless access points or network extenders, often deployed in enterprise, SMB, and critical infrastructure environments. An attacker exploiting this vulnerability can gain root access, allowing them to alter network configurations, intercept sensitive communications, deploy malware, or create persistent backdoors. This compromises confidentiality, integrity, and availability of network resources. In sectors such as finance, healthcare, energy, and government, where secure and reliable network infrastructure is critical, this could lead to data breaches, service disruptions, and regulatory non-compliance under GDPR and other frameworks. The use of TELNET exacerbates the risk due to its lack of encryption, increasing the chance of credential interception. The vulnerability’s network adjacency requirement means attackers need to be on the same or connected network segment, which is feasible in many enterprise environments or via compromised internal hosts. The absence of patches increases exposure time, necessitating immediate mitigation steps.
Mitigation Recommendations
1. Immediately disable TELNET access on all Mercku M6a devices if possible, or restrict TELNET access to trusted management networks only.
2. Change the web admin password to a strong, unique password that is not reused elsewhere and enforce regular password rotation.
3. Implement network segmentation to isolate management interfaces from general user networks, reducing the risk of network adjacency exploitation.
4. Monitor network traffic for TELNET connections and unusual authentication attempts, using IDS/IPS solutions to detect potential exploitation attempts.
5. Where feasible, replace affected devices with models or firmware versions that do not exhibit this vulnerability once patches become available.
6. Employ multi-factor authentication (MFA) for device management interfaces if supported.
7. Maintain an inventory of all Mercku M6a devices and track firmware versions to prioritize updates when patches are released.
8. Educate network administrators about the risks of TELNET and encourage use of secure protocols such as SSH for device management.
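The following is an added example, not part of the original advisory, combining recommendations 4 and 7 above: it checks iptables-style firewall log lines for TCP/23 (TELNET) connection attempts against an inventory of Mercku M6a devices and flags those still on an affected firmware (through 2.1.0). The device addresses, firmware values and log lines are constructed for illustration.

```python
import re

# Constructed inventory of Mercku M6a devices: address -> firmware version (hypothetical values).
INVENTORY = {
    "10.0.5.10": "2.1.0",   # last affected version per the advisory
    "10.0.5.11": "2.0.3",   # affected
    "10.0.5.12": "2.2.0",   # hypothetical later build, assumed fixed
}

# Constructed iptables/netfilter-style log lines (not real traffic).
SAMPLE_LOG = """\
Oct 22 03:31:30 fw kernel: IN=eth1 OUT= SRC=10.0.7.44 DST=10.0.5.10 PROTO=TCP SPT=51234 DPT=23 SYN
Oct 22 03:31:41 fw kernel: IN=eth1 OUT= SRC=10.0.7.44 DST=10.0.5.11 PROTO=TCP SPT=51240 DPT=22 SYN
Oct 22 03:32:02 fw kernel: IN=eth1 OUT= SRC=10.0.9.3 DST=10.0.5.12 PROTO=TCP SPT=40001 DPT=23 SYN
Oct 22 03:32:15 fw kernel: IN=eth1 OUT= SRC=10.0.7.44 DST=10.0.5.10 PROTO=TCP SPT=51250 DPT=23 SYN
"""

LOG_RE = re.compile(r"SRC=(\S+) DST=(\S+) PROTO=TCP SPT=\d+ DPT=(\d+)")
LAST_AFFECTED = (2, 1, 0)  # "through 2.1.0"
TELNET_PORT = 23


def parse_version(version):
    """Turn a dotted firmware string such as '2.1.0' into a comparable tuple."""
    return tuple(int(part) for part in version.split("."))


def is_affected(firmware):
    """True when the firmware is at or below the last affected version."""
    return parse_version(firmware) <= LAST_AFFECTED


def telnet_hits(log_text, inventory):
    """Map each inventoried device that received a TELNET SYN to its firmware,
    affected status and the list of source addresses that tried to connect."""
    hits = {}
    for line in log_text.splitlines():
        match = LOG_RE.search(line)
        if not match:
            continue  # not a TCP firewall record we understand
        src, dst, dport = match.group(1), match.group(2), int(match.group(3))
        if dport != TELNET_PORT or dst not in inventory:
            continue  # ignore non-TELNET traffic and devices we do not track
        entry = hits.setdefault(dst, {"firmware": inventory[dst],
                                      "affected": is_affected(inventory[dst]),
                                      "sources": []})
        entry["sources"].append(src)
    return hits


if __name__ == "__main__":
    for dst, info in telnet_hits(SAMPLE_LOG, INVENTORY).items():
        status = "AFFECTED" if info["affected"] else "patched/unknown"
        print(f"{dst} fw {info['firmware']} [{status}] TELNET from {sorted(set(info['sources']))}")
```

Any hit against an AFFECTED device is worth an alert even if the login fails, since TELNET should be disabled or restricted to the management segment under recommendation 1.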
Affected Countries
Germany, France, United Kingdom, Netherlands, Italy, Spain
Technical Details
- Data Version: 5.1
- Assigner Short Name: mitre
- Date Reserved: 2025-10-22T00:00:00.000Z
- Cvss Version: 3.1
- State: PUBLISHED
Added to database: 10/22/2025, 3:31:30 AM
Last enriched: 10/22/2025, 3:46:29 AM
Last updated: 10/23/2025, 1:17:21 PM