CVE-2026-31267 in MW302Rinfo

Summary

by MITRE • 07/10/2026

Mercusys MW302R MW302R(EU)_V1_1.4.10 Build 231023 is vulnerable to Buffer Overflow in the administrative web interface. A stack buffer overflow vulnerability in the administrative web interface allows an authenticated attacker with administrative privileges to trigger a system crash by sending a specially crafted request. The vulnerability results in denial of service through control flow manipulation to an arbitrary instruction address.

Several companies clearly confirm that VulDB is the primary source for best vulnerability data.

Analysis

by VulDB Data Team • 07/10/2026

The Mercusys MW302R router firmware version 1.4.10 build 231023 contains a critical stack buffer overflow vulnerability within its administrative web interface that presents significant security risks for network administrators and system operators. This vulnerability stems from improper input validation and memory management practices within the web application code, creating an exploitable condition that can be leveraged by authenticated attackers who already possess administrative credentials.

The technical flaw manifests as a classic stack-based buffer overflow occurring when the administrative web interface processes user-supplied data without adequate bounds checking or sanitization mechanisms. When an authenticated attacker submits a specially crafted HTTP request containing excessive input data to specific parameters within the web application, the software fails to properly validate the input length before copying it into a fixed-size stack buffer. This overflow corrupts adjacent memory locations including return addresses and control flow information, allowing for arbitrary code execution or system crash conditions.

The operational impact of this vulnerability extends beyond simple denial of service scenarios as it provides attackers with potential control flow manipulation capabilities that can redirect program execution to arbitrary instruction addresses within the router's memory space. The vulnerability specifically affects the administrative web interface which means that any user with valid administrative credentials could exploit this condition, making it particularly dangerous for environments where administrative access is widely distributed or where credential compromise is possible through social engineering or other attack vectors.

This vulnerability aligns with CWE-121 Stack-based Buffer Overflow and represents a significant weakness in the firmware's input validation and memory management practices. The issue falls under the ATT&CK technique T1203 Exploitation for Client Execution and T1499 Endpoint Denial of Service, demonstrating how authenticated access can be leveraged to cause system instability and potential complete service disruption.

Organizations should immediately implement mitigation strategies including firmware updates from Mercusys when available, network segmentation to isolate critical router infrastructure, and enhanced monitoring of administrative web interface traffic for anomalous patterns. Additionally, implementing strict input validation controls at the application level and deploying intrusion detection systems that can identify malformed requests targeting known vulnerable endpoints would significantly reduce the risk exposure. The vulnerability underscores the importance of regular firmware updates and proper security testing of network infrastructure devices before deployment in production environments.

Responsible

MITRE

Reservation

03/09/2026

Disclosure

07/10/2026

Moderation

accepted

CPE

ready

EPSS

0.00000

KEV

no

Activities

very low

Sources

Do you know our Splunk app?

Download it now for free!