Skip to main content

Mercusys MW302R CVE-2026-31267

MEDIUM
Stack-based Buffer Overflow (CWE-121)
2026-07-09 cve@mitre.org
5.7
CVSS 3.1 · Vendor: mitre
Share

Severity by source

Vendor (mitre) PRIMARY
5.7 MEDIUM
AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
vuln.today AI
4.5 MEDIUM

Description explicitly requires administrative privileges (PR:H); AV:A retained per CVSS vector; DoS-only impact confirmed by description (C:N, I:N, A:H).

3.1 AV:A/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
4.0 AV:A/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

Primary rating from Vendor (mitre).

CVSS VectorVendor: mitre

CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Attack Vector
Adjacent
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
None
Availability
High

Lifecycle Timeline

3
Analysis Generated
Jul 10, 2026 - 16:33 vuln.today
CVSS changed
Jul 10, 2026 - 16:22 NVD
5.7 (MEDIUM)
CVE Published
Jul 09, 2026 - 21:16 cve.org
UNKNOWN (no severity yet)

DescriptionCVE.org

Mercusys MW302R MW302R(EU)_V1_1.4.10 Build 231023 is vulnerable to Buffer Overflow in the administrative web interface. A stack buffer overflow vulnerability in the administrative web interface allows an authenticated attacker with administrative privileges to trigger a system crash by sending a specially crafted request. The vulnerability results in denial of service through control flow manipulation to an arbitrary instruction address.

AnalysisAI

Stack-based buffer overflow in the Mercusys MW302R (EU) V1 1.4.10 Build 231023 administrative web interface allows an authenticated attacker with administrative access on the same network segment to crash the device by sending a specially crafted HTTP request. The crash results from control flow being redirected to an arbitrary instruction address - a classic CWE-121 stack overflow pattern that produces denial of service. …

Unlock full vulnerability intelligence

  • Risk assessment & exploitation conditions
  • Attack chain visualization
  • Remediation with exact patch versions
  • Threat intelligence from 22 sources
  • Personal watchlist & email alerts

Free forever · No credit card required

Attack ChainAIDerived

Hypothetical attack flow derived from CVE metadata

Recon
Gain LAN adjacency to router
Delivery
Authenticate to admin web interface
Exploit
Send crafted oversized HTTP request
Install
Overflow stack buffer in request handler
C2
Corrupt return address
Execute
Redirect control flow to arbitrary address
Impact
Device crash and DoS

Vulnerability AssessmentAI

Exploitation Exploitation requires three concurrent conditions: (1) the attacker must be on the same local network segment as the MW302R (AV:A - internet-based exploitation is not possible); (2) the attacker must possess administrative credentials to the router's web management interface (the CVE description explicitly states 'authenticated attacker with administrative privileges' - note the provided CVSS vector PR:L is inconsistent with this requirement and should be treated as potentially erroneous); (3) the target must be running firmware version MW302R(EU)_V1_1.4.10 Build 231023 on EU V1 hardware. … Additional conditions and limiting factors are described in the full assessment.
Risk Assessment Real-world risk is constrained by multiple factors working in combination. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.
Exploit Scenario An attacker with administrative credentials to the MW302R's web interface - whether through credential theft, default password reuse, or insider access on the same LAN - sends a specially crafted HTTP request to a vulnerable parameter in the admin panel. The oversized input overflows a stack buffer in the request handler, corrupting the return address and redirecting execution to an arbitrary address, causing the router to crash and drop all connected clients. …
Remediation No vendor-released patch has been identified at the time of analysis - neither reference points to a Mercusys security advisory or firmware update. … Detailed patch versions, workarounds, and compensating controls in full report.

Threat intelligence, references, and detailed analysis are available after sign-in.

Share

CVE-2026-31267 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy