Mercusys MW301R CVE-2025-7882
Severity (by source): Low
CVSS vector (NVD): CVSS:4.0/AV:A/AC:H/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Primary rating from NVD; only source for this CVE.
Description (CVE.org)
A vulnerability was found in Mercusys MW301R 1.0.2 Build 190726 Rel.59423n. It has been rated as problematic. This issue affects some unknown processing of the component Login. The manipulation leads to improper restriction of excessive authentication attempts. The attack can only be initiated within the local network. The complexity of an attack is rather high. The exploitation is known to be difficult. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
Analysis (AI-generated)
Improper brute-force protection in the Mercusys MW301R router allows local network attackers to conduct excessive authentication attempts against the login component without rate limiting. The vulnerability affects firmware version 1.0.2 Build 190726 Rel.59423n and permits attackers to bypass authentication attempt restrictions, though actual credential compromise requires additional attack complexity. Public exploit code exists, but the vendor has not responded to disclosure and provided no patch.
Technical Context (AI-generated)
The Mercusys MW301R is a wireless router whose administrative login interface is reachable from the local network. The vulnerability stems from a failure to implement or enforce rate limiting and account lockout in the authentication subsystem, classified under CWE-307 (Improper Restriction of Excessive Authentication Attempts). An attacker on the local network can submit login requests repeatedly without encountering delays, temporary account locks, or progressive backoff, which enables brute-force guessing of administrator or user credentials; the only factor limiting such an attack is the strength of the configured password.
Affected Products (AI-generated)
Mercusys MW301R firmware version 1.0.2 Build 190726 Rel.59423n. The vendor has not released patched firmware versions and did not respond to early disclosure notification.
Remediation (AI-generated)
No vendor-released patch is available for this vulnerability. Primary mitigation is network segmentation: restrict administrative access to the router's web interface to a trusted management VLAN or specific IP ranges using firewall rules on any upstream security appliances. If the router supports it, configure a strong, unique administrator password and disable remote management features entirely. Disable wireless access if the router is used only for wired connectivity, eliminating the local network attack surface. Consider replacing the device with a newer model from Mercusys or an alternative vendor that maintains active security support. If continued use is necessary, monitor login attempt logs for brute-force patterns and disable the administrative interface during periods of non-use. Note that these controls do not address the underlying vulnerability but reduce the practical attack surface.
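The Technical Context and Remediation sections above describe the missing control (delays, lockout, progressive backoff on repeated login failures) without showing what it looks like. The following is an added illustration of that CWE-307 control, written for this page; it is not the router's firmware code, and the class name `LoginThrottle`, the thresholds, and the `simulate_brute_force` helper are constructed assumptions.

```python
"""Progressive-backoff login throttle with hard lockout (CWE-307 mitigation).

Added example, not Mercusys code. Thresholds and names are assumptions
chosen for illustration; a real deployment would tune them and persist
the state across restarts.
"""
from dataclasses import dataclass, field
from typing import Dict, Tuple


@dataclass
class _SubjectState:
    failures: int = 0          # consecutive failed attempts
    blocked_until: float = 0.0 # monotonic timestamp before which attempts are refused


@dataclass
class LoginThrottle:
    """Refuse login attempts for a subject (account or client) that is in backoff.

    Each failure doubles the wait; reaching max_failures triggers a fixed lockout.
    Keying by account stops distributed guessing from many sources; keying by
    client IP avoids letting one attacker lock out the administrator.
    """
    max_failures: int = 5           # assumed: failures before hard lockout
    base_delay: float = 1.0         # assumed: seconds after the first failure
    lockout_seconds: float = 300.0  # assumed: hard lockout length
    _subjects: Dict[str, _SubjectState] = field(default_factory=dict)

    def check(self, subject: str, now: float) -> Tuple[bool, float]:
        """Return (allowed, seconds_to_wait) for an attempt made at time `now`."""
        st = self._subjects.setdefault(subject, _SubjectState())
        if now < st.blocked_until:
            return False, st.blocked_until - now
        return True, 0.0

    def record(self, subject: str, success: bool, now: float) -> None:
        """Update backoff state after the credential check has run."""
        st = self._subjects.setdefault(subject, _SubjectState())
        if success:
            self._subjects.pop(subject, None)  # reset on a good login
            return
        st.failures += 1
        if st.failures >= self.max_failures:
            st.blocked_until = now + self.lockout_seconds
        else:
            # 1s, 2s, 4s, 8s ... progressive backoff
            st.blocked_until = now + self.base_delay * (2 ** (st.failures - 1))


def simulate_brute_force(throttle: LoginThrottle, subject: str,
                         attempts: int, now: float = 0.0) -> int:
    """Fire `attempts` wrong guesses back-to-back with no time passing.

    Returns how many guesses the server actually evaluated; with no
    throttle every guess is evaluated, with the throttle only the first.
    """
    evaluated = 0
    for _ in range(attempts):
        allowed, _wait = throttle.check(subject, now)
        if not allowed:
            continue
        evaluated += 1
        throttle.record(subject, success=False, now=now)  # constructed: guess is wrong
    return evaluated


if __name__ == "__main__":
    t = LoginThrottle()
    print("guesses evaluated in one burst:", simulate_brute_force(t, "admin", 100))
    print("state after burst:", t.check("admin", now=0.5))
```

The simulation shows the practical effect of the control: a burst of wrong guesses against a throttled account results in a single evaluated attempt, whereas the affected firmware as described evaluates every one. A defender who cannot patch the device gets the same effect only from the network-side controls listed above.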