CVE-2023-46297

low-risk
Published 2024-05-29

An issue was discovered on Mercusys MW325R EU V3 MW325R(EU)_V3_1.11.0 221019 devices. A WAN attacker can make the admin interface unreachable/invisible via an unauthenticated HTTP request. Verification of the data sent by the user does not occur. The web server does not crash, but the admin interface becomes invisible, because the files necessary to display the content are no longer available. A reboot of the router is typically required to restore the correct behavior.

Do I need to act?

-
0.07% chance of exploitation
EPSS score — low exploit probability
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
5
CVSS 5.1/10 Medium
LOCAL / LOW complexity

References (2)

https://k4m1ll0.com/cve-2023-46297.html
https://k4m1ll0.com/cve-2023-46297.html
22
/ 100
low-risk
Severity 17/34 · Moderate
Exploitability 0/34 · Minimal
Exposure 5/34 · Minimal