CVE-2025-7882: Improper Restriction of Excessive Authentication Attempts in Mercusys MW301R
A vulnerability was found in Mercusys MW301R 1.0.2 Build 190726 Rel.59423n. It has been rated as problematic. The issue affects unspecified processing in the Login component. The manipulation leads to improper restriction of excessive authentication attempts. The attack can only be initiated within the local network. The complexity of an attack is rather high, and exploitation is known to be difficult. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
AI Analysis
Technical Summary
CVE-2025-7882 is a vulnerability identified in the Mercusys MW301R router, specifically version 1.0.2 Build 190726 Rel.59423n. The issue arises from improper restriction of excessive authentication attempts during the login process: the device does not adequately limit the number of login attempts, potentially allowing an attacker to perform brute-force or credential stuffing attacks within the local network. Exploitation complexity is high, requiring local network access and advanced skills, although no user interaction or privileges are needed. The vulnerability has a low CVSS 4.0 score of 2.3, reflecting limited impact and difficulty of exploitation. The vendor has not responded to the disclosure, and no patches or mitigations have been officially released.
The vulnerability could allow an attacker to gain unauthorized access to the router's administrative interface by repeatedly attempting authentication without being locked out or slowed down effectively. If exploited, this could lead to further compromise of the network managed by the router. The attack vector is local network only, so remote exploitation is not feasible without prior network access. The vulnerability does not affect confidentiality, integrity, or availability directly but poses a risk of unauthorized access escalation if combined with other weaknesses or credential leaks. No known exploits are currently in the wild, and the vulnerability is rated as low severity due to its limited scope and high attack complexity.
Potential Impact
For European organizations, the impact of this vulnerability is generally limited but still noteworthy. Since the vulnerability requires local network access, it is primarily a threat to internal network security rather than an opening for remote attackers. In environments where Mercusys MW301R routers are deployed, an insider threat or an attacker who has gained an initial foothold inside the network could leverage this flaw to escalate privileges by brute-forcing router credentials. This could lead to unauthorized changes in network configurations, interception of internal traffic, or pivoting to other internal systems. Small and medium-sized enterprises (SMEs) or home office setups using this router model may be more vulnerable due to less mature network segmentation and monitoring. Larger organizations with robust network segmentation and monitoring are less likely to be affected. The lack of vendor response and patches increases the risk for organizations that rely on this hardware. Additionally, the vulnerability could be exploited in targeted attacks against organizations in sectors where Mercusys devices are common, potentially disrupting internal network management or enabling further lateral movement by attackers.
Mitigation Recommendations
Given the absence of official patches, European organizations should implement specific mitigations:
1) Restrict physical and network access to the local network segments where Mercusys MW301R routers are deployed, limiting exposure to trusted personnel only.
2) Implement strong network segmentation to isolate vulnerable devices from critical infrastructure and sensitive data.
3) Monitor network traffic for unusual authentication attempts or brute-force patterns targeting router management interfaces.
4) Change default credentials immediately and enforce strong, unique passwords for router administration.
5) Disable remote management features if enabled, to reduce attack surface.
6) Consider replacing Mercusys MW301R devices with more secure alternatives that receive timely security updates.
7) Employ network access control (NAC) solutions to prevent unauthorized devices from connecting to the local network.
8) Regularly audit router configurations and logs to detect suspicious activities early.
These measures go beyond generic advice by focusing on network architecture and operational controls tailored to the specific vulnerability context.
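An added example (not from the advisory or the vendor) of the monitoring in recommendation 3: a sliding-window detector that flags a client making repeated failed logins against a router management interface, and escalates when a success follows the burst. The record format, addresses, threshold and window are assumptions, and the sample lines are constructed.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample, not real device output. Assumed record format from a
# sensor or proxy in front of the router's login page:
#   <ISO timestamp> <client IP> <router IP> <FAIL|OK>
SAMPLE_LOG = """\
2025-07-20T10:00:00 192.168.1.20 192.168.1.1 FAIL
2025-07-20T10:00:40 192.168.1.20 192.168.1.1 OK
2025-07-20T10:05:00 192.168.1.50 192.168.1.1 FAIL
2025-07-20T10:05:04 192.168.1.50 192.168.1.1 FAIL
2025-07-20T10:05:08 192.168.1.50 192.168.1.1 FAIL
2025-07-20T10:05:12 192.168.1.50 192.168.1.1 FAIL
2025-07-20T10:05:16 192.168.1.50 192.168.1.1 FAIL
2025-07-20T10:05:20 192.168.1.50 192.168.1.1 FAIL
2025-07-20T10:05:24 192.168.1.50 192.168.1.1 OK
"""

def detect(log_text, threshold=5, window=timedelta(seconds=60)):
    """Return alerts as (kind, client, router, timestamp) tuples."""
    failures = defaultdict(deque)   # (client, router) -> recent FAIL times
    flagged = set()                 # pairs already reported as a burst
    alerts = []
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) != 4:
            continue                # skip blank or malformed records
        ts = datetime.fromisoformat(fields[0])
        key = (fields[1], fields[2])
        if fields[3] == "FAIL":
            q = failures[key]
            q.append(ts)
            while ts - q[0] > window:   # drop failures outside the window
                q.popleft()
            if len(q) >= threshold and key not in flagged:
                flagged.add(key)
                alerts.append(("burst", *key, ts))
        elif fields[3] == "OK" and key in flagged:
            # A login that succeeds right after a burst may mean the
            # password was found; report it as a higher-priority alert.
            alerts.append(("success_after_burst", *key, ts))
            flagged.discard(key)
            failures[key].clear()
    return alerts

if __name__ == "__main__":
    for alert in detect(SAMPLE_LOG):
        print(alert)
```

The single mistyped password from 192.168.1.20 stays below the threshold and raises nothing; tune `threshold` and `window` to the number of administrators who legitimately log in.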
Affected Countries
Germany, France, United Kingdom, Italy, Spain, Netherlands, Poland
Technical Details
- Data Version: 5.1
- Assigner Short Name: VulDB
- Date Reserved: 2025-07-19T07:43:56.441Z
- CVSS Version: 4.0
- State: PUBLISHED
Threat ID: 687cc56aa83201eaac01f2b1
Added to database: 7/20/2025, 10:31:06 AM
Last enriched: 7/28/2025, 1:03:12 AM
Last updated: 8/18/2025, 1:22:24 AM