CVE-2025-7882 in MW301R

Summary

by MITRE • 07/20/2025

A vulnerability was found in Mercusys MW301R 1.0.2 Build 190726 Rel.59423n. It has been rated as problematic. This issue affects some unknown processing of the component Login. The manipulation leads to improper restriction of excessive authentication attempts. The attack can only be initiated within the local network. The complexity of an attack is rather high. The exploitation is known to be difficult. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

Analysis

by VulDB Data Team • 07/20/2025

The vulnerability identified as CVE-2025-7882 affects the Mercusys MW301R wireless router firmware version 1.0.2 Build 190726 Rel.59423n, representing a significant security weakness in the device's authentication mechanisms. This issue falls under the category of improper restriction of excessive authentication attempts, which is classified as CWE-307 and aligns with the ATT&CK technique T1110.003 for Brute Force. The vulnerability specifically impacts the login component of the router's web interface, creating a potential pathway for unauthorized access attempts that could lead to complete network compromise.

The technical flaw lies in the router's inadequate handling of repeated authentication attempts, which allows a brute force attack against the login interface. Although the attack requires local network access, this limitation does not sufficiently mitigate the risk, because many organizations have their wireless networks exposed to internal threats and attackers may already have gained access to the local network through other means. The high attack complexity and difficulty of exploitation suggest that leveraging the vulnerability effectively requires substantial technical expertise, though this does not prevent determined attackers from attempting to exploit it.

The operational impact of this vulnerability extends beyond simple unauthorized access as it could enable attackers to gain full administrative control over the router configuration, potentially leading to man-in-the-middle attacks, DNS hijacking, or the ability to redirect network traffic through malicious proxies. This compromise of network infrastructure can result in widespread security breaches affecting all devices connected to the compromised network. The fact that the exploit has been publicly disclosed and is known to be usable creates an immediate threat to organizations that have not yet patched or mitigated this issue, particularly since the vendor did not respond to early disclosure attempts, indicating a potential lack of ongoing support for this device model.

Organizations should immediately implement network segmentation to isolate critical systems from the affected router, deploy intrusion detection systems to monitor for suspicious login patterns, and consider disabling unnecessary services on the device. The recommended mitigation strategies include updating to the latest firmware version if available, implementing strong password policies with multi-factor authentication where possible, and monitoring for unusual authentication attempts that could indicate exploitation attempts. Additionally, network administrators should consider implementing rate limiting on authentication attempts and employing automated tools to detect and respond to potential brute force attacks targeting the affected device. The vulnerability demonstrates the importance of maintaining up-to-date firmware and the risks associated with end-of-life devices that no longer receive security updates from vendors, as highlighted by the ATT&CK framework's emphasis on maintaining current security controls and the CWE classification's focus on proper authentication mechanism implementation.
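The monitoring recommended above can be run off the device, since the affected login does not restrict repeated attempts itself. The following is an added example, not VulDB's or the vendor's code: a sliding-window detector that flags a client exceeding a failure limit and, separately, a successful login that follows such a burst. The log format, addresses, window and threshold are assumptions constructed for illustration.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

WINDOW = timedelta(seconds=60)  # assumption: sliding window length
MAX_FAILS = 5                   # assumption: failures tolerated per source per window

# Constructed events in a hypothetical sensor format: time, client, event, result
SAMPLE_LOG = """\
2025-07-21T10:00:00Z src=192.168.1.23 event=login result=fail
2025-07-21T10:00:40Z src=192.168.1.23 event=login result=ok
2025-07-21T10:05:00Z src=192.168.1.50 event=login result=fail
2025-07-21T10:05:02Z src=192.168.1.50 event=login result=fail
2025-07-21T10:05:04Z src=192.168.1.50 event=login result=fail
2025-07-21T10:05:06Z src=192.168.1.50 event=login result=fail
2025-07-21T10:05:08Z src=192.168.1.50 event=login result=fail
2025-07-21T10:05:10Z src=192.168.1.50 event=login result=fail
not a log line
2025-07-21T10:05:12Z src=192.168.1.50 event=login result=ok
""".splitlines()

def parse_line(line):
    """Return (timestamp, source, result), or None for lines that do not parse."""
    parts = line.split()
    try:
        ts = datetime.strptime(parts[0], "%Y-%m-%dT%H:%M:%SZ")
        fields = dict(p.split("=", 1) for p in parts[1:])
        if fields["event"] != "login":
            return None
        return ts, fields["src"], fields["result"]
    except (IndexError, KeyError, ValueError):
        return None

def detect(lines, window=WINDOW, max_fails=MAX_FAILS):
    """Return (source, kind, failures_in_window) alerts in event order."""
    fails = defaultdict(deque)  # source -> timestamps of recent failures
    alerts = []
    for ts, src, result in filter(None, map(parse_line, lines)):
        q = fails[src]
        while q and ts - q[0] > window:  # drop failures older than the window
            q.popleft()
        if result == "fail":
            q.append(ts)
            if len(q) == max_fails + 1:  # alert when the limit is first exceeded
                alerts.append((src, "excessive_failures", len(q)))
        elif result == "ok":
            if len(q) > max_fails:  # success right after a burst of failures
                alerts.append((src, "success_after_excessive_failures", len(q)))
            q.clear()
    return alerts
```

A success that follows a burst of failures is reported separately because it is the event that warrants changing the administrator password and reviewing the router configuration.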

Responsible: VulDB
Disclosure: 07/20/2025
Moderation: accepted
CPE: ready
Exploit: Download
EPSS: 0.00291
KEV: no
Activities: very low
