提出 #611431: Mercusys Router MW301R 1.0.2 Build 190726 Rel.59423n (4252) 7PK Security Features / Brute Force via IP Cycling情報

タイトルMercusys Router MW301R 1.0.2 Build 190726 Rel.59423n (4252) 7PK Security Features / Brute Force via IP Cycling
説明Hello team! The Mercusys MW301R router implements a basic brute-force protection mechanism that blocks login attempts after a number of failed tries. However, this blocking mechanism is based solely on the source IP address, without enforcing any session fingerprinting, token validation, or advanced rate-limiting / and MAC Address, etc. An attacker connected to the LAN can simply change their local IP address (e.g., from 192.168.1.10 to 192.168.1.11) after reaching the limit, effectively resetting the login attempt counter. This allows a brute-force attack to be performed against the admin login page, completely defeating the intended security mechanism.
ソース⚠️ https://github.com/RaulPazemecxas/PoCVulDb/blob/main/README21.md
ユーザー
 RaulPACXXX (UID 84502)
送信2025年07月08日 14:00 (12 月 ago)
モデレーション2025年07月19日 09:44 (11 days later)
ステータス承諾済み
VulDBエントリ316997 [Mercusys MW301R 1.0.2 Build 190726 Rel.59423n Login 情報漏えい]
ポイント20

Want to stay up to date on a daily basis?

Enable the mail alert feature now!