
Mercusys MW301R CVE-2025-7881

Severity: LOW
Weakness: Weak Password Recovery Mechanism for Forgotten Password (CWE-640)
Published: 2025-07-20 (CNA: cna@vuldb.com)
Score: 2.0 (CVSS 4.0, NVD)

Severity by source

NVD (primary): 2.0 LOW
CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Primary rating from NVD; NVD is the only scoring source for this CVE.

CVSS Vector (NVD)

CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Attack Vector (AV): Network
Attack Complexity (AC): Low
Attack Requirements (AT): None
Privileges Required (PR): High
User Interaction (UI): None
Vulnerable System Impact: Confidentiality None, Integrity Low, Availability None
Subsequent System Impact: None
Exploit Maturity (E): Proof-of-Concept
Safety (S, supplemental; CVSS 4.0 has no Scope metric): X (not defined)

Lifecycle Timeline

1. Analysis Generated: Apr 29, 2026 - 01:24 (vuln.today)

Description (CVE.org)

A vulnerability was found in Mercusys MW301R 1.0.2 Build 190726 Rel.59423n. It has been declared as problematic. This vulnerability affects unknown code of the component Web Interface. The manipulation of the argument code leads to weak password recovery. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

Analysis (AI)

Weak password recovery in Mercusys MW301R 1.0.2 Build 190726 allows an authenticated attacker with high privileges to manipulate the 'code' argument of the web interface's password recovery function and thereby disclose or modify the password recovery mechanism; public exploit code is available (E:P). The CVSS 4.0 vector records no confidentiality impact and low integrity impact (VC:N/VI:L), which is why the base score is only 2.0. The vendor has not responded to the early disclosure notification. The EPSS exploitation probability is 0.04% (13th percentile), indicating minimal real-world exploitation likelihood despite the public proof of concept.

Technical Context (AI)

The vulnerability resides in the password recovery functionality of the web interface of the Mercusys MW301R router (a 300Mbps wireless N router). The affected component processes the 'code' argument without proper validation or strength verification, so the recovery mechanism can be manipulated rather than enforced. It is classified under CWE-640 (Weak Password Recovery Mechanism), which covers flaws in recovery token generation, temporary credential handling, and recovery answer validation. The attack vector is network-based, targeting the router's HTTP/HTTPS web administration interface. Exploitation requires high privileges (PR:H), i.e. an already authenticated admin or similarly privileged session, which significantly constrains real-world attack scenarios: an attacker who already holds such a session gains little beyond what that session already permits.

Affected Products (AI)

Mercusys MW301R firmware up to and including 1.0.2 Build 190726 Rel.59423n is confirmed affected. The Mercusys MW301R is a budget 300Mbps wireless N router commonly deployed in small office/home office (SOHO) environments. No later firmware version or patched build is documented in the available advisories, and the vendor did not respond to the early disclosure.

Remediation (AI)

No vendor-released patch had been identified at the time of analysis: the manufacturer did not respond to disclosure and no firmware update addressing this issue has been published. As a compensating control, restrict access to the web interface to trusted networks only, using firewall rules that limit HTTP/HTTPS access to the router's management IP to known administrative subnets (trade-off: less flexibility for remote administration). Alternatively, disable remote management entirely in the router's web interface settings so that administration is possible only from the local LAN; this removes the network attack vector where remote administration is not required. Monitor password recovery activity by reviewing the router logs for repeated failed recovery or authentication attempts, which would indicate manipulation of the 'code' parameter. Organizations that depend on this router model should evaluate its firmware end-of-life status and plan migration to an actively maintained router with a responsive vendor.

CVE-2025-7881 vulnerability details – vuln.today