CVE-2023-46297

MEDIUM

Mercusys MW325R EU V3 <1.11.0 - DoS

Title source: llm

Description

An issue was discovered on Mercusys MW325R EU V3 MW325R(EU)_V3_1.11.0 221019 devices. A WAN attacker can make the admin interface unreachable/invisible via an unauthenticated HTTP request. Verification of the data sent by the user does not occur. The web server does not crash, but the admin interface becomes invisible, because the files necessary to display the content are no longer available. A reboot of the router is typically required to restore the correct behavior.

References (1)

[Various Sources] https://k4m1ll0.com/cve-2023-46297.html

Scores

CVSS v3 5.1

EPSS 0.0007

EPSS Percentile 20.1%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L

Classification

CWE

CWE-755

Status draft

Timeline

Published May 29, 2024

Tracked Since Feb 18, 2026