| Название | Mercusys Router MW301R 1.0.2 Build 190726 Rel.59423n (4252) 7PK Security Features / Brute Force via IP Cycling |
|---|
| Описание | Hello team!
The Mercusys MW301R router implements a basic brute-force protection mechanism that blocks login attempts after a number of failed tries. However, this blocking mechanism is based solely on the source IP address, without enforcing any session fingerprinting, token validation, or advanced rate-limiting / and MAC Address, etc.
An attacker connected to the LAN can simply change their local IP address (e.g., from 192.168.1.10 to 192.168.1.11) after reaching the limit, effectively resetting the login attempt counter.
This allows a brute-force attack to be performed against the admin login page, completely defeating the intended security mechanism. |
|---|
| Источник | ⚠️ https://github.com/RaulPazemecxas/PoCVulDb/blob/main/README21.md |
|---|
| Пользователь | RaulPACXXX (UID 84502) |
|---|
| Представление | 08.07.2025 14:00 (12 месяцы назад) |
|---|
| Модерация | 19.07.2025 09:44 (11 days later) |
|---|
| Статус | принято |
|---|
| Запись VulDB | 316997 [Mercusys MW301R 1.0.2 Build 190726 Rel.59423n Login раскрытие информации] |
|---|
| Баллы | 20 |
|---|