A vulnerability was found in Mercusys MW301R 1.0.2 Build 190726 Rel.59423n. It has been rated as problematic. This issue affects some…
VulDB·CWE-307·Published 2025-07-20
Eine Schwachstelle wurde in Mercusys MW301R 1.0.2 Build 190726 Rel.59423n ausgemacht. Sie wurde als problematisch eingestuft. Dies betrifft einen unbekannten Teil der Komponente Login. Durch Beeinflussen mit unbekannten Daten kann eine improper restriction of excessive authentication attempts-Schwachstelle ausgenutzt werden. Der Angriff kann im lokalen Netzwerk passieren. Die Komplexität eines Angriffs ist eher hoch. Die Ausnutzbarkeit gilt als schwierig. Der Exploit steht zur öffentlichen Verfügung.
A vulnerability was found in Mercusys MW301R 1.0.2 Build 190726 Rel.59423n. It has been rated as problematic. This issue affects some unknown processing of the component Login. The manipulation leads to improper restriction of excessive authentication attempts. The attack can only be initiated within the local network. The complexity of an attack is rather high. The exploitation is known to be difficult. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
A vulnerability was found in Mercusys MW301R 1.0.2 Build 190726 Rel.59423n. It has been rated as problematic. This issue affects some unknown processing of the component Login. The manipulation leads to improper restriction of excessive authentication attempts. The attack can only be initiated within the local network. The complexity of an attack is rather high. The exploitation is known to be difficult. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
Se encontró una vulnerabilidad en Mercusys MW301R 1.0.2 Build 190726 Rel.59423n. Se ha clasificado como problemática. Este problema afecta a un procesamiento desconocido del componente "Login". La manipulación provoca una restricción indebida de un exceso de intentos de autenticación. El ataque solo puede iniciarse dentro de la red local. Es un ataque de complejidad bastante alta. Parece difícil de explotar. Se ha hecho público el exploit y puede que sea utilizado. Se contactó al proveedor con antelación sobre esta divulgación, pero no respondió.
| Version | Type | Source | Base | Exp | Impact | Vector |
|---|---|---|---|---|---|---|
| 2.0 | Primary | cve.org | 1.8 | — | — | AV:A/AC:H/Au:N/C:N/I:P/A:N/E:POC/RL:ND/RC:UR |
| 2.0 | Primary | cve.org | 1.8 | — | — | AV:A/AC:H/Au:N/C:N/I:P/A:N/E:POC/RL:ND/RC:UR |
| 2.0 | Secondary | NVD | 1.8 | 3.2 | 2.9 | AV:A/AC:H/Au:N/C:N/I:P/A:N |
| 3.0 | Primary | cve.org | 3.1 | — | — | CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N/E:P/RL:X/RC:R |
| 3.0 | Primary | cve.org | 3.1 | — | — | CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N/E:P/RL:X/RC:R |
| 3.1 | Primary | cve.org | 3.1 | — | — | CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N/E:P/RL:X/RC:R |
| 3.1 | Primary | cve.org | 3.1 | — | — | CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N/E:P/RL:X/RC:R |
| 3.1 | Secondary | NVD | 3.1 | 1.6 | 1.4 | CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N |
| 4.0 | Primary | cve.org | 2.3 | — | — | CVSS:4.0/AV:A/AC:H/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P |
| 4.0 | Primary | cve.org | 2.3 | — | — | CVSS:4.0/AV:A/AC:H/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P |
| 4.0 | Secondary | NVD | 1.3 | — | — | CVSS:4.0/AV:A/AC:H/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X |