CVE-2025-50398

Critical · Public PoC

Published: 16 December 2025

Modified: 22 December 2025
CVSS Score v3.1: 9.8 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
EPSS Score: 0.0008 (24.6th percentile)
Risk Priority: 20 (60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2025-50398 is a critical-severity Classic Buffer Overflow (CWE-120) vulnerability in Mercurycom D196G Firmware. Its CVSS base score is 9.8 (Critical).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190). The CVE ranks at the 24.6th percentile by exploit likelihood (below the median), is not currently listed in the CISA KEV catalog, and has a public proof-of-concept referenced.

The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-16 (Memory Protection).

Deeper analysis

CVE-2025-50398 is a buffer overflow vulnerability (CWE-120) in the Mercury D196G router firmware version d196gv1-cn-up_2020-01-09_11.21.44. The flaw occurs in the function sub_404CAEDC when it processes the fac_password parameter: input that exceeds the buffer boundaries is not handled properly.

The vulnerability carries a CVSS v3.1 base score of 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H), indicating that it is exploitable over the network, with low complexity, by unauthenticated attackers, and without user interaction. Exploitation could have a high impact on confidentiality, integrity, and availability, such as through remote code execution or system crashes.

References point to GitHub repositories at https://github.com/sezangel/IOT-vul/tree/main/Mercury/D196G/2, which document the vulnerability, including potential proof-of-concept details. No vendor advisories or patches are specified in available information.

Vulnerability details

Mercury D196G d196gv1-cn-up_2020-01-09_11.21.44 is vulnerable to Buffer Overflow in the function sub_404CAEDC via the parameter fac_password.

Related Threats

MITRE ATT&CK Enterprise Techniques (AI)

T1190: Exploit Public-Facing Application (Initial Access)
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
Why these techniques?

Buffer overflow vulnerability in the fac_password parameter of the Mercury D196G router's likely web management interface enables exploitation of a public-facing application for remote code execution.

CVEs Like This One

CVE-2025-50401: Same product (Mercurycom D196G)
CVE-2026-35903: Same vendor (Mercurycom)
CVE-2021-47854: Shared CWE-120
CVE-2024-39803: Shared CWE-120
CVE-2024-37184: Shared CWE-120
CVE-2025-66647: Shared CWE-120
CVE-2024-39750: Shared CWE-120
CVE-2025-52909: Shared CWE-120
CVE-2025-25674: Shared CWE-120
CVE-2022-50922: Shared CWE-120

Affected Assets

mercurycom
d196g firmware
all versions

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

Prevent: SI-10 directly prevents buffer overflows by requiring validation of inputs like the fac_password parameter to ensure they do not exceed buffer boundaries.

Prevent: SI-2 mandates identification and remediation of flaws such as the buffer overflow in sub_404CAEDC, eliminating the vulnerability through firmware patching.

Prevent: SI-16 enforces memory protections that block unauthorized code execution resulting from buffer overflow exploitation in the vulnerable function.