Mercusys MW302R CVE-2026-31267
MEDIUMSeverity by source
AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Description explicitly requires administrative privileges (PR:H); AV:A retained per CVSS vector; DoS-only impact confirmed by description (C:N, I:N, A:H).
Primary rating from Vendor (mitre).
CVSS VectorVendor: mitre
CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Lifecycle Timeline
3DescriptionCVE.org
Mercusys MW302R MW302R(EU)_V1_1.4.10 Build 231023 is vulnerable to Buffer Overflow in the administrative web interface. A stack buffer overflow vulnerability in the administrative web interface allows an authenticated attacker with administrative privileges to trigger a system crash by sending a specially crafted request. The vulnerability results in denial of service through control flow manipulation to an arbitrary instruction address.
AnalysisAI
Stack-based buffer overflow in the Mercusys MW302R (EU) V1 1.4.10 Build 231023 administrative web interface allows an authenticated attacker with administrative access on the same network segment to crash the device by sending a specially crafted HTTP request. The crash results from control flow being redirected to an arbitrary instruction address - a classic CWE-121 stack overflow pattern that produces denial of service. …
Unlock full vulnerability intelligence
- Risk assessment & exploitation conditions
- Attack chain visualization
- Remediation with exact patch versions
- Threat intelligence from 22 sources
- Personal watchlist & email alerts
Free forever · No credit card required
Attack ChainAIDerived
Hypothetical attack flow derived from CVE metadata
Vulnerability AssessmentAI
| Exploitation | Exploitation requires three concurrent conditions: (1) the attacker must be on the same local network segment as the MW302R (AV:A - internet-based exploitation is not possible); (2) the attacker must possess administrative credentials to the router's web management interface (the CVE description explicitly states 'authenticated attacker with administrative privileges' - note the provided CVSS vector PR:L is inconsistent with this requirement and should be treated as potentially erroneous); (3) the target must be running firmware version MW302R(EU)_V1_1.4.10 Build 231023 on EU V1 hardware. … Additional conditions and limiting factors are described in the full assessment. |
| Risk Assessment | Real-world risk is constrained by multiple factors working in combination. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in. |
| Exploit Scenario | An attacker with administrative credentials to the MW302R's web interface - whether through credential theft, default password reuse, or insider access on the same LAN - sends a specially crafted HTTP request to a vulnerable parameter in the admin panel. The oversized input overflows a stack buffer in the request handler, corrupting the return address and redirecting execution to an arbitrary address, causing the router to crash and drop all connected clients. … |
| Remediation | No vendor-released patch has been identified at the time of analysis - neither reference points to a Mercusys security advisory or firmware update. … Detailed patch versions, workarounds, and compensating controls in full report. |
Threat intelligence, references, and detailed analysis are available after sign-in.
Same weakness CWE-121 – Stack-based Buffer Overflow
View allSame technique Buffer Overflow
View allShare
External POC / Exploit Code
Leaving vuln.today