Mercusys MW301R Excessive Authentication Vulnerability

Vulnerability

An excessive authentication vulnerability (CWE-307, Improper Restriction of Excessive Authentication Attempts) has been identified in the Mercusys MW301R router, specifically in firmware version 1.0.2 Build 190726 Rel.59423n. The flaw lies in the router's login component, which does not effectively limit the number of failed authentication attempts against the web interface. As a result, the administrator credentials can be guessed by brute force. The issue can only be exploited from within the local network; the vulnerability has been publicly disclosed and an exploit is available, but exploitation is considered difficult.

Impact

The vulnerability allows an attacker on the local network to make an effectively unlimited number of login attempts, so a brute-force attack on the admin login page can succeed given enough time and a weak or default administrator password.

Reproduction

The vulnerability can be reproduced by connecting to the local network and accessing the router's login page. The router does lock out a source after a number of failed login attempts, but the counter is keyed solely on the source IP address: once the limit is reached, the attacker changes their source IP address (on a LAN this is as simple as assigning a different address to the attacking interface) and the attempt counter starts from zero again. This bypasses the router's only brute-force protection, which performs no per-account lockout, no session validation and no rate limiting beyond the per-IP counter.
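The following simulation is an added illustration and is not code from the Mercusys firmware or from the original advisory. It models the two lockout designs side by side: a counter keyed on source IP only, as described above, and a counter keyed on the target account (plus the IP) with exponential backoff. A simulated attacker with a small pool of LAN addresses rotates to the next address whenever the current one is blocked. The threshold of 5 failures, the 60-second base lockout, the one-request-per-second attacker and the 192.168.1.x addresses are all assumed values for the demonstration, not measurements of the MW301R; the clock is simulated, so nothing sleeps.

```python
"""Lockout keying: why a per-source-IP counter is bypassable.

Added illustration, not Mercusys firmware code. Two failed-login policies are
run against a simulated attacker who rotates source addresses whenever the one
in use is blocked. Thresholds and rates are assumed, not the router's real ones.
"""
from dataclasses import dataclass, field

MAX_FAILURES = 5          # assumed threshold, not the router's real value
BASE_LOCKOUT = 60.0       # seconds; assumed
MAX_LOCKOUT = 3600.0      # cap for the exponential backoff


def _bump(table, key, now, backoff):
    """Record one failure for `key` in `table` (key -> (count, locked_until))."""
    count, _locked_until = table.get(key, (0, 0.0))
    if not backoff and count >= MAX_FAILURES:
        # The previous lockout has expired (the request was allowed), so the
        # weak policy starts a fresh counting window.
        count = 0
    count += 1
    locked_until = 0.0
    if count >= MAX_FAILURES:
        factor = 2 ** (count - MAX_FAILURES) if backoff else 1
        locked_until = now + min(BASE_LOCKOUT * factor, MAX_LOCKOUT)
    table[key] = (count, locked_until)


def _blocked(table, key, now):
    return now < table.get(key, (0, 0.0))[1]


@dataclass
class WeakLockout:
    """Counter keyed on source IP only, as described for the MW301R."""
    by_ip: dict = field(default_factory=dict)

    def allowed(self, ip, account, now):
        return not _blocked(self.by_ip, ip, now)

    def record_failure(self, ip, account, now):
        _bump(self.by_ip, ip, now, backoff=False)


@dataclass
class AccountLockout:
    """Counter keyed on the target account as well as the IP, with exponential
    backoff. Counters would be cleared on a successful login (omitted here
    because the simulated attacker never succeeds)."""
    by_ip: dict = field(default_factory=dict)
    by_account: dict = field(default_factory=dict)

    def allowed(self, ip, account, now):
        return not (_blocked(self.by_ip, ip, now)
                    or _blocked(self.by_account, account, now))

    def record_failure(self, ip, account, now):
        _bump(self.by_ip, ip, now, backoff=True)
        _bump(self.by_account, account, now, backoff=True)


def simulate_attack(policy, candidates, ip_pool, window_seconds=300.0):
    """Run an online guessing attack against 'admin' with `candidates` wrong
    passwords. One request takes one simulated second. When the current IP is
    blocked the attacker moves to the next one in the pool; after a full pass
    with every IP blocked they wait one second. Returns how many guesses the
    login handler actually evaluated inside the window."""
    now, checked, idx = 0.0, 0, 0
    while checked < candidates and now < window_seconds:
        ip = ip_pool[idx % len(ip_pool)]
        if policy.allowed(ip, "admin", now):
            checked += 1                      # guess reached the password check
            policy.record_failure(ip, "admin", now)
            now += 1.0
        else:
            idx += 1
            if idx % len(ip_pool) == 0:       # whole pool is locked out
                now += 1.0
    return checked


if __name__ == "__main__":
    pool = [f"192.168.1.{n}" for n in range(10, 14)]   # constructed LAN addresses
    print("weak, 1 IP :", simulate_attack(WeakLockout(), 100, pool[:1]))   # 25
    print("weak, 4 IPs:", simulate_attack(WeakLockout(), 100, pool))       # 100
    print("hard, 4 IPs:", simulate_attack(AccountLockout(), 100, pool))    # 7
```

With the weak policy, each additional source address the attacker controls multiplies the guess throughput (25 guesses per five minutes from one address, all 100 candidates from four), which is exactly the bypass the reproduction describes. Keying the counter on the account under attack makes the address rotation useless, and the backoff stretches every further attempt out, so only seven guesses get through in the same window regardless of how many addresses the attacker uses.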

Added: Jul 20, 2025, 11:26 AM
Updated: Jul 20, 2025, 11:26 AM

Vulnerability Rating

Custom Algorithm
spread: 0.0
impact: 0.6
exploitability: 6.2
remediation: 0.0
relevance: 0.3
threat: 6.4
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.