CVE-2025-7882: Improper Restriction of Excessive Authentication Attempts in Mercusys MW301R

Severity: Low
Type: Vulnerability
Tags: cve, cve-2025-7882
Published: Sun Jul 20 2025 (07/20/2025, 10:14:04 UTC)
Source: CVE Database V5
Vendor/Project: Mercusys
Product: MW301R

Description

A vulnerability was found in Mercusys MW301R 1.0.2 Build 190726 Rel.59423n. It has been rated as problematic. This issue affects some unknown processing of the component Login. The manipulation leads to improper restriction of excessive authentication attempts. The attack can only be initiated within the local network. The complexity of an attack is rather high. The exploitation is known to be difficult. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

AI-Powered Analysis

Last updated: 07/28/2025, 01:03:12 UTC

Technical Analysis

CVE-2025-7882 is a vulnerability identified in the Mercusys MW301R router, specifically version 1.0.2 Build 190726 Rel.59423n. The issue arises from improper restriction of excessive authentication attempts during the login process. This means that the device does not adequately limit the number of login attempts, potentially allowing an attacker to perform brute-force or credential stuffing attacks within the local network. However, exploitation complexity is high, requiring local network access and advanced skills, and no user interaction or privileges are needed. The vulnerability has a low CVSS 4.0 score of 2.3, reflecting limited impact and difficulty of exploitation. The vendor has not responded to the disclosure, and no patches or mitigations have been officially released. The vulnerability could allow an attacker to gain unauthorized access to the router's administrative interface by repeatedly attempting authentication without being locked out or slowed down effectively. This could lead to further compromise of the network managed by the router if exploited. The attack vector is local network only, so remote exploitation is not feasible without prior network access. The vulnerability does not affect confidentiality, integrity, or availability directly but poses a risk of unauthorized access escalation if combined with other weaknesses or credential leaks. No known exploits are currently in the wild, and the vulnerability is rated as low severity due to its limited scope and high attack complexity.

Potential Impact

For European organizations, the impact of this vulnerability is generally limited but still noteworthy. Since the vulnerability requires local network access, it primarily threatens internal network security rather than remote attackers. In environments where Mercusys MW301R routers are deployed, an insider threat or an attacker who has gained initial foothold inside the network could leverage this flaw to escalate privileges by brute forcing router credentials. This could lead to unauthorized changes in network configurations, interception of internal traffic, or pivoting to other internal systems. Small and medium-sized enterprises (SMEs) or home office setups using this router model may be more vulnerable due to less mature network segmentation and monitoring. Larger organizations with robust network segmentation and monitoring are less likely to be affected. The lack of vendor response and patches increases the risk for organizations that rely on this hardware. Additionally, the vulnerability could be exploited in targeted attacks against organizations in sectors where Mercusys devices are common, potentially disrupting internal network management or enabling further lateral movement by attackers.

Mitigation Recommendations

Given the absence of official patches, European organizations should implement specific mitigations:

1) Restrict physical and network access to the local network segments where Mercusys MW301R routers are deployed, limiting exposure to trusted personnel only.
2) Implement strong network segmentation to isolate vulnerable devices from critical infrastructure and sensitive data.
3) Monitor network traffic for unusual authentication attempts or brute-force patterns targeting router management interfaces.
4) Change default credentials immediately and enforce strong, unique passwords for router administration.
5) Disable remote management features if enabled, to reduce attack surface.
6) Consider replacing Mercusys MW301R devices with more secure alternatives that receive timely security updates.
7) Employ network access control (NAC) solutions to prevent unauthorized devices from connecting to the local network.
8) Regularly audit router configurations and logs to detect suspicious activities early.

These measures go beyond generic advice by focusing on network architecture and operational controls tailored to the specific vulnerability context.
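Because the device itself does not throttle login attempts, recommendation 3 has to be enforced by monitoring from outside it. The following sliding-window detector is an added example, not vendor or page code; the event format, IP addresses and thresholds are assumptions, and the sample events are constructed.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample events, not real MW301R logs. Assumed format (hypothetical),
# e.g. exported by a network sensor watching the management interface:
#   <ISO timestamp> <source IP> <router IP> <FAIL|SUCCESS>
SAMPLE_EVENTS = """\
2025-07-20T09:58:00 192.168.1.10 192.168.1.1 FAIL
2025-07-20T09:58:30 192.168.1.10 192.168.1.1 SUCCESS
2025-07-20T10:00:00 192.168.1.50 192.168.1.1 FAIL
2025-07-20T10:00:02 192.168.1.50 192.168.1.1 FAIL
2025-07-20T10:00:04 192.168.1.50 192.168.1.1 FAIL
2025-07-20T10:00:06 192.168.1.50 192.168.1.1 FAIL
2025-07-20T10:00:08 192.168.1.50 192.168.1.1 FAIL
2025-07-20T10:00:10 192.168.1.50 192.168.1.1 FAIL
2025-07-20T10:00:12 192.168.1.50 192.168.1.1 FAIL
2025-07-20T10:00:14 192.168.1.50 192.168.1.1 SUCCESS
"""


def detect_bruteforce(lines, max_failures=5, window=timedelta(seconds=60)):
    """Flag (source, router) pairs with more than max_failures failed logins
    inside a sliding window, and note whether a success followed the burst."""
    recent = defaultdict(deque)   # (src, dst) -> timestamps of recent failures
    alerts = {}                   # (src, dst) -> alert details
    for line in lines:
        fields = line.split()
        if len(fields) != 4:
            continue              # skip blank or malformed lines
        ts, src, dst, result = datetime.fromisoformat(fields[0]), *fields[1:]
        key = (src, dst)
        failures = recent[key]
        while failures and ts - failures[0] > window:
            failures.popleft()    # expire failures older than the window
        if result == "FAIL":
            failures.append(ts)
            if len(failures) > max_failures and key not in alerts:
                alerts[key] = {"first_alert": ts, "failures": len(failures),
                               "success_after_burst": False}
        elif result == "SUCCESS" and key in alerts and failures:
            # A login that succeeds right after a burst suggests a guessed password.
            alerts[key]["success_after_burst"] = True
    return alerts


if __name__ == "__main__":
    for (src, dst), info in detect_bruteforce(SAMPLE_EVENTS.splitlines()).items():
        print(f"{src} -> {dst}: {info}")
```

An alert with `success_after_burst` set is the case to escalate first: rotate the router's admin password and review its configuration for unauthorized changes.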

Technical Details

Data Version: 5.1
Assigner Short Name: VulDB
Date Reserved: 2025-07-19T07:43:56.441Z
CVSS Version: 4.0
State: PUBLISHED

Threat ID: 687cc56aa83201eaac01f2b1

Added to database: 7/20/2025, 10:31:06 AM

Last enriched: 7/28/2025, 1:03:12 AM

Last updated: 8/18/2025, 1:22:24 AM
