CVE-2025-7881
BaseFortify

Publication date: 2025-07-20

Last updated on: 2026-04-29

Assigner: VulDB

Description
A vulnerability was found in Mercusys MW301R 1.0.2 Build 190726 Rel.59423n. It has been declared as problematic. This vulnerability affects unknown code of the component Web Interface. The manipulation of the argument code leads to weak password recovery. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
Meta Information
Published: 2025-07-20
Last Modified: 2026-04-29
Generated: 2026-05-07
AI Q&A: 2025-07-20
EPSS Evaluated: 2026-05-05
Affected Vendors & Products
Vendor: mercusys
Product: mw301r
Version / Range: 1.0.2
CWE
CWE-640: The product contains a mechanism for users to recover or change their passwords without knowing the original password, but the mechanism is weak.
AI Powered Q&A
Can you explain this vulnerability to me?

CVE-2025-7881 is a vulnerability in the Mercusys MW301R router's web interface, specifically in the password recovery process. It allows an attacker who already has some authenticated access to manipulate the 'code' parameter in an HTTP request to bypass the normal password recovery workflow. This means the attacker can reset the administrator password remotely without knowing the current password or having physical access to the device. The vulnerability arises from weak handling of the password recovery mechanism. [1, 2]


How can this vulnerability impact me?

This vulnerability can impact you by allowing an attacker with some authenticated access to remotely reset the administrator password on your Mercusys MW301R router without knowing the original password. This compromises the integrity of your device, potentially giving the attacker full control over the router's settings and network traffic. Since the exploit is publicly available and easy to execute, it poses a significant security risk if the device is exposed. [1, 2]


How can this vulnerability be detected on my network or system? Can you suggest some commands?

This vulnerability can be detected by monitoring HTTP requests to the router's web interface for suspicious manipulation of the "code" parameter in URLs matching the pattern /?code={CODE}&asyn={ASYN}&id={ID}. Specifically, look for unauthorized attempts to invoke the password reset endpoint remotely. Network traffic inspection tools or web proxy logs can be used to identify such requests. Since the exploit requires an authenticated session, commands or tools that capture and analyze HTTP traffic (e.g., tcpdump, Wireshark, or curl with authentication) can help detect exploitation attempts. For example, using tcpdump to filter HTTP traffic to the router's IP and inspecting for URLs containing "code=" parameters may help detect this activity. [1, 2]
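The proxy-log review described above, as an added example (not code from this page, the CVE record or the vendor): it flags requests to the router's web interface that carry the code, asyn and id parameters and come from outside an administrator allowlist. The router address, the allowlist, the log layout (common log format with absolute URLs) and the sample lines are assumptions constructed for illustration.

```python
import ipaddress
import re
from urllib.parse import parse_qs, urlsplit

# Assumptions, not from the advisory: router address, admin allowlist, log layout.
ROUTER_HOST = "192.168.1.1"
TRUSTED_ADMIN_NETS = [ipaddress.ip_network("192.168.1.10/32")]
LOG_RE = re.compile(
    r'^(?P<src>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<url>\S+) HTTP/[\d.]+" (?P<status>\d{3})'
)
WATCHED_PARAMS = {"code", "asyn", "id"}  # query pattern named in the text above

# Constructed sample lines; parameter values are placeholders, not device values.
SAMPLE_LOG = [
    '192.168.1.10 - - [20/Jul/2025:10:00:01 +0000] "POST http://192.168.1.1/?code=1&asyn=0&id=AAAA HTTP/1.1" 200',
    '203.0.113.7 - - [20/Jul/2025:10:02:13 +0000] "POST http://192.168.1.1/?code=2&asyn=1&id=BBBB HTTP/1.1" 200',
    '192.168.1.55 - - [20/Jul/2025:10:03:40 +0000] "GET http://192.168.1.1/?code=3&asyn=0&id=CCCC HTTP/1.1" 401',
    '192.168.1.55 - - [20/Jul/2025:10:04:02 +0000] "GET http://192.168.1.1/index.html HTTP/1.1" 200',
]

def is_trusted(src):
    """True only for a literal IP address inside the admin allowlist."""
    try:
        ip = ipaddress.ip_address(src)
    except ValueError:  # hostname or garbage in the source field
        return False
    return any(ip in net for net in TRUSTED_ADMIN_NETS)

def find_suspect_requests(lines):
    """Return router requests carrying code/asyn/id from untrusted sources."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # skip lines that do not fit the assumed layout
        url = urlsplit(m["url"])
        if url.hostname != ROUTER_HOST or url.path not in ("", "/"):
            continue
        query = parse_qs(url.query, keep_blank_values=True)
        if not WATCHED_PARAMS.issubset(query) or is_trusted(m["src"]):
            continue
        hits.append({"src": m["src"], "time": m["ts"],
                     "code": query["code"][0], "status": m["status"]})
    return hits

if __name__ == "__main__":
    for hit in find_suspect_requests(SAMPLE_LOG):
        print(hit)
```

Because the page does not say which code value belongs to password recovery, the script reports the value seen rather than filtering on it; review hits by source address and time.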


What immediate steps should I take to mitigate this vulnerability?

Immediate mitigation steps include restricting access to the router's web interface to trusted networks or IP addresses to reduce exposure. Since no vendor patch or fix is available, it is recommended to replace the affected Mercusys MW301R router with an alternative device that is not vulnerable. Additionally, monitor for suspicious activity related to password recovery attempts and consider disabling remote management features if possible to limit attack vectors. [2]

