A denial-of-service vulnerability exists in the administrative web interface of Mercusys MW302R firmware version 1.4.10 (Build 231023) and earlier.
- Vendor: Mercusys
- Product: MW302R
- Affected Firmware Version: MW302R(EU)_V1_1.4.10 Build 231023
- Component: Administrative Web Interface
A stack buffer overflow vulnerability in the administrative web interface allows an authenticated attacker with administrative privileges to trigger a system crash by sending a specially crafted request. The overflow redirects control flow to an arbitrary instruction address, which crashes the device and results in denial of service.
- Type: Local/Network (requires access to administrative interface)
- Authentication: Required (administrator credentials)
- User Interaction: None
- Impact: Denial of Service - system reboot/crash
Base Score: 4.9 (Medium)
Vector: CVSS:4.0/AV:A/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
Acknowledged by vendor – Mercusys Security Team
Patch released – Official firmware update available
- MW302R(EU)_V1_1.11.10 Build 26032720260429034623
- Download: https://static.mercusys.com/software/MW302R(EU)_V1.20_1.11.10_Build_26032720260429034623.zip
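For fleet triage, the following added example (not part of the vendor's or the researcher's material) classifies firmware strings against the affected and fixed versions named above. It compares versions numerically, since a plain string comparison would rank 1.4.10 above 1.11.10. The host names and the last three inventory strings are constructed, and releases between the two versions are reported as unknown because the advisory does not cover them.

```python
import re

# Version boundaries taken from the advisory text.
LAST_AFFECTED = (1, 4, 10)   # "1.4.10 (Build 231023) and earlier"
FIRST_FIXED = (1, 11, 10)    # patched release named in the advisory

# Accepts both spellings on the page: "..._V1_1.4.10 Build 231023" and the
# download file name "..._V1.20_1.11.10_Build_<digits>".
FW_RE = re.compile(r"MW302R\(\w+\)_V[\d.]+_(\d+(?:\.\d+)+)[ _]Build[ _](\d+)")


def parse_version(fw_string):
    """Return the firmware version as a tuple of ints, or None if unparseable."""
    m = FW_RE.search(fw_string)
    if not m:
        return None
    return tuple(int(part) for part in m.group(1).split("."))


def classify(fw_string):
    """Classify one firmware string as affected, fixed, unknown or unparsed."""
    version = parse_version(fw_string)
    if version is None:
        return "unparsed"
    if version <= LAST_AFFECTED:
        return "affected"
    if version >= FIRST_FIXED:
        return "fixed"
    # The advisory says nothing about releases between the two boundaries.
    return "unknown"


# Constructed inventory: the first two strings come from the advisory, the
# others are made-up test values and may not correspond to real releases.
INVENTORY = {
    "router-a": "MW302R(EU)_V1_1.4.10 Build 231023",
    "router-b": "MW302R(EU)_V1_1.11.10 Build 26032720260429034623",
    "router-c": "MW302R(EU)_V1_1.9.0 Build 250101",
    "router-d": "MW302R(EU)_V1_1.3.2 Build 220101",
    "router-e": "firmware string missing",
}


def report(inventory):
    """Map each host to its classification."""
    return {host: classify(fw) for host, fw in inventory.items()}


if __name__ == "__main__":
    for host, status in report(INVENTORY).items():
        print(f"{host}: {status}")
```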
Bartosz "BarrYPL" Osuch
Security Researcher
https://barry-dev.xyz
- Vendor Advisory: https://www.mercusys.com/en/download/mw302r/#Firmware - the patch notes say only "Enhanced device security."
- Researcher Blog: https://barry-dev.xyz (writeup coming after CVE publication)
- Affected Firmware: https://www.mercusys.com/en/product/MW302R
- 2026-04-09: CVE-2026-31267 reserved
- 2026-04-29: Vendor patch released
- 2026-05-06: Public disclosure request submitted