CVE-2026-31267
Deferred Deferred - Pending Action

Buffer Overflow in Mercusys MW302R Admin Interface

Vulnerability report for CVE-2026-31267, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.

Publication date: 2026-07-09

Last updated on: 2026-07-10

Assigner: MITRE

Description

Mercusys MW302R MW302R(EU)_V1_1.4.10 Build 231023 is vulnerable to Buffer Overflow in the administrative web interface. A stack buffer overflow vulnerability in the administrative web interface allows an authenticated attacker with administrative privileges to trigger a system crash by sending a specially crafted request. The vulnerability results in denial of service through control flow manipulation to an arbitrary instruction address.

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published
2026-07-09
Last Modified
2026-07-10
Generated
2026-07-11
AI Q&A
2026-07-10
EPSS Evaluated
N/A
NVD

Affected Vendors & Products

Showing 1 associated CPE
Vendor Product Version / Range
mercusys mw302r 1.4.10

Helpful Resources

Exploitability

CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-121 A stack-based buffer overflow condition is a condition where the buffer being overwritten is allocated on the stack (i.e., is a local variable or, rarely, a parameter to a function).

Attack-Flow Graph

AI Quick Actions

Instant insights powered by AI
Executive Summary

This vulnerability is a stack buffer overflow in the administrative web interface of the Mercusys MW302R router firmware version MW302R(EU)_V1_1.4.10 Build 231023.

An authenticated attacker with administrative privileges can send a specially crafted request that triggers this buffer overflow, causing the system to crash.

The overflow allows manipulation of the control flow to an arbitrary instruction address, resulting in a denial of service condition.

Impact Analysis

This vulnerability can cause a denial of service on the affected device by crashing the system.

Since the attacker must have administrative privileges and be authenticated, the impact is limited to users or attackers who already have high-level access.

However, the resulting system crash can disrupt network connectivity and availability, potentially affecting business operations or personal use.

Detection Guidance

This vulnerability affects the Mercusys MW302R router's administrative web interface in firmware version 1.4.10 (Build 231023) and earlier. Detection involves verifying if the device is running the vulnerable firmware and if the administrative interface is accessible.

Since the vulnerability requires authenticated administrative access to trigger a crash via a specially crafted request, detection can include checking the firmware version and monitoring for unusual crashes or reboots of the device.

Specific commands to detect the vulnerability are not provided in the available resources.

Mitigation Strategies

The immediate mitigation step is to update the Mercusys MW302R router firmware to the patched version MW302R(EU)_V1_1.11.10 Build 26032720260429034623 released by the vendor.

Until the update is applied, restrict administrative access to trusted networks and users only, as the vulnerability requires authenticated administrative privileges.

Monitoring the device for unexpected crashes or reboots can also help detect exploitation attempts.

Compliance Impact

The provided information does not specify any direct impact of this vulnerability on compliance with common standards and regulations such as GDPR or HIPAA.

Chat Assistant

Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-31267. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70

EPSS Chart