Improper Authentication in Mercusys MW301R Router
CVE-2025-7882

2.3LOW

Key Information:

Vendor

Mercusys

Status
Mw301r
Vendor
CVE Published:
20 July 2025

What is CVE-2025-7882?

A security flaw in the Mercusys MW301R router version 1.0.2 Build 190726 Rel.59423n allows improper restriction of excessive authentication attempts on the login interface. This vulnerability can only be exploited from within the local network, making it a localized threat. Although the complexity of exploiting this vulnerability is deemed high, public disclosure has occurred, and methods may be available for malicious actors to attempt exploitation. The vendor has been notified but has not provided any official response on the matter.

Affected Version(s)

MW301R 1.0.2 Build 190726 Rel.59423n

References

https://vuldb.com/?id.316997
vdb-entry
https://vuldb.com/?ctiid.316997
signaturepermissions-required
https://vuldb.com/?submit.611431
third-party-advisory

CVSS V4

Score:
2.3
Severity:
LOW
Confidentiality:
None
Integrity:
Low
Availability:
None
Attack Vector:
Adjacent Network
Attack Complexity:
High
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
None

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

RaulPACXXX (VulDB User)
.
CVE-2025-7882 : Improper Authentication in Mercusys MW301R Router