Cyber Resilience

CVE-2025-50401

CriticalPublic PoC

Published: 16 December 2025

Published
16 December 2025
Modified
22 December 2025
KEV Added
Patch
CVSS Score v3.1 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS Score 0.0009 25.7th percentile
Risk Priority 20 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2025-50401 is a critical-severity Classic Buffer Overflow (CWE-120) vulnerability in Mercurycom D196G Firmware. Its CVSS base score is 9.8 (Critical).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked at the 25.7th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.

The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-16 (Memory Protection).

Deeper analysis

CVE-2025-50401 is a buffer overflow vulnerability (CWE-120) in the Mercury D196G router firmware version d196gv1-cn-up_2020-01-09_11.21.44. The flaw occurs in the function sub_404CAEDC when processing the password parameter. Published on 2025-12-16, it carries a CVSS v3.1 base score of 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H), marking it as critical due to its potential for severe impact.

A remote, unauthenticated attacker can exploit this vulnerability over the network with low complexity and no user interaction required. Exploitation enables high-impact compromise, including unauthorized access to confidential data, modification of system integrity, and disruption of availability, likely leading to remote code execution on the affected device.

Proof-of-concept details are available in the GitHub repository at https://github.com/sezangel/IOT-vul/tree/main/Mercury/D196G/1. No vendor advisories or patches are referenced in the CVE information.

EU & UK References

Vulnerability details

Mercury D196G d196gv1-cn-up_2020-01-09_11.21.44 is vulnerable to Buffer Overflow in the function sub_404CAEDC via the parameter password.

CWE(s)

Related Threats

MITRE ATT&CK Enterprise TechniquesAI

T1190 Exploit Public-Facing Application Initial Access
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
Why these techniques?

Buffer overflow in router firmware allows remote unauthenticated exploitation of a public-facing application/service, enabling RCE.

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

CVEs Like This One

CVE-2025-50398Same product: Mercurycom D196G
CVE-2026-35903Same vendor: Mercurycom
CVE-2021-47854Shared CWE-120
CVE-2024-39803Shared CWE-120
CVE-2024-37184Shared CWE-120
CVE-2025-66647Shared CWE-120
CVE-2024-39750Shared CWE-120
CVE-2025-52909Shared CWE-120
CVE-2025-25674Shared CWE-120
CVE-2022-50922Shared CWE-120

Affected Assets

mercurycom
d196g firmware
all versions

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

Directly remediates the buffer overflow vulnerability in the router firmware by requiring timely patching or replacement of the affected Mercury D196G version.

prevent

Prevents exploitation by enforcing strict validation of the password parameter to avoid buffer overflow in sub_404CAEDC.

prevent

Mitigates buffer overflow impacts through memory protections like ASLR and DEP, hindering remote code execution even if input validation fails.

References