제출 #611431: Mercusys Router MW301R 1.0.2 Build 190726 Rel.59423n (4252) 7PK Security Features / Brute Force via IP Cycling정보

제목Mercusys Router MW301R 1.0.2 Build 190726 Rel.59423n (4252) 7PK Security Features / Brute Force via IP Cycling
설명Hello team! The Mercusys MW301R router implements a basic brute-force protection mechanism that blocks login attempts after a number of failed tries. However, this blocking mechanism is based solely on the source IP address, without enforcing any session fingerprinting, token validation, or advanced rate-limiting / and MAC Address, etc. An attacker connected to the LAN can simply change their local IP address (e.g., from 192.168.1.10 to 192.168.1.11) after reaching the limit, effectively resetting the login attempt counter. This allows a brute-force attack to be performed against the admin login page, completely defeating the intended security mechanism.
원천⚠️ https://github.com/RaulPazemecxas/PoCVulDb/blob/main/README21.md
사용자
 RaulPACXXX (UID 84502)
제출2025. 07. 08. PM 02:00 (12 개월 ago)
모더레이션2025. 07. 19. AM 09:44 (11 days later)
상태수락
VulDB 항목316997 [Mercusys MW301R 1.0.2 Build 190726 Rel.59423n Login 정보 공개]
포인트들20

Are you interested in using VulDB?

Download the whitepaper to learn more about our service!