by @k4m1ll0
29 May 2024

Mercusys MW325R Reverse Engineering - PART 1: ROOT SHELL (CVE-2023-46297)

by @k4m1ll0
29 May 2024

Mercusys MW325R Reverse Engineering - PART 1: ROOT SHELL (CVE-2023-46297)

CVEs

5.1 Medium Severity

Screenshots from the blog posts

images/clwp8eqvtbpnu1ioeezsd165n.pngimages/clwp8eqvtbpnu1ioeezsd165n.png

Summary

I bought a Mercusys (MW325R EU V3) router and found a login page vulnerability during reverse engineering. Using HW hacking tools, I obtained a root shell and discovered the custom-made OS with a "MiniFS" filesystem. I reported multiple vulnerabilities to the vendor, focusing on CVE-2023-46297.

Description

users/photos/cllwqrjjj2sk91gn20zmt0wpl.png

@k4m1ll0

6 posts

https://k4m1ll0.com

Total vcoins

6K

Social media links

Comments (4)