Web Interface Password Recovery Flaw in Mercusys MW301R Router
CVE-2025-7881

5.1MEDIUM

Key Information:

Vendor

Mercusys

Status
Mw301r
Vendor
CVE Published:
20 July 2025

What is CVE-2025-7881?

A vulnerability exists within the web interface of the Mercusys MW301R Router, specifically affecting version 1.0.2 Build 190726 Rel.59423n. This flaw allows remote attackers to exploit weak password recovery mechanisms, enabling unauthorized access to router settings. The vendor was informed about this issue but has not provided any response. As the exploitation methods are publicly disclosed, users should be vigilant and take necessary security measures to protect their devices.

Affected Version(s)

MW301R 1.0.2 Build 190726 Rel.59423n

References

https://vuldb.com/?id.316996
vdb-entrytechnical-description
https://vuldb.com/?ctiid.316996
signaturepermissions-required
https://vuldb.com/?submit.611328
third-party-advisory

CVSS V4

Score:
5.1
Severity:
MEDIUM
Confidentiality:
None
Integrity:
Low
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
None

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

RaulPACXXX (VulDB User)
.
CVE-2025-7881 : Web Interface Password Recovery Flaw in Mercusys MW301R Router