Merck'd-U!

October 10, 2025 - 7 mins read

mercku
router
CVE
exploit
full disclosure
CVE-2025-62771
CVE-2025-62771
CVE-2025-62773
CVE-2025-62774
CVE-2025-62775

Full disclosure of 0-Click / 1-Click RCE in default ISP routers (Mercku M6a)

Introduction

AI Generated image of a “hacked” wifi router. Router vulnerabilities continue to pose significant threats to home networks. Today, I’ll document a series of critical flaws discovered in Mercku routers, specifically the M6a model, that could allow attackers to achieve remote code execution with minimal effort. This has been tested and confirmed against version 2.1.0 of the official firmware. These vulnerabilities have been assigned CVE-2025-62771 through CVE-2025-62775.