Unreachable/Invisible Admin Interface Due to WAN Attack
CVE-2023-46297

5.1MEDIUM

Key Information:

Vendor: Mercusys
Vendor: CVE Published:; 29 May 2024

What is CVE-2023-46297?

A vulnerability exists in Mercusys MW325R devices that allows an attacker to disrupt access to the admin interface via unauthenticated HTTP requests. This flaw permits the attacker to render the interface unreachable, as the necessary files for content display become unavailable. Although the web server remains operational, the admin panel is no longer accessible, necessitating a router reboot for recovery to standard functionality. This issue raises significant concerns regarding the security posture of affected devices, as it eliminates an essential means of administrative management.

References

https://k4m1ll0.com/cve-2023-46297.html

CVSS V3.1

Score:

5.1

Severity:

MEDIUM

Confidentiality:

None

Integrity:

Low

Availability:

None

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
May 29, 2024