|
951
|
7.3 |
HIGH
Network
|
-
|
-
|
Mercusys AC12G (EU) V1 with firmware AC12G(EU)_V1_200909 returns 128 bytes of uninitialized buffer when receiving POST requests without SOAPAction header on UPnP port 1900, exposing internal memory t…
|
CWE-200
Information Exposure
|
CVE-2026-36611
|
2026-06-5 00:41 |
2026-06-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
952
|
6.4 |
MEDIUM
Adjacent
|
-
|
-
|
Mercusys AC12G (EU) V1 with firmware AC12G(EU)_V1_200909 enables WPS 2.0 by default with a weak lockout policy (60-second lockout after 10 attempts).
|
CWE-307
CWE-1188
mproper Restriction of Excessive Authentication Attempts
Insecure Default Initialization of Resource
|
CVE-2026-36612
|
2026-06-5 00:41 |
2026-06-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
953
|
4.3 |
MEDIUM
Adjacent
|
-
|
-
|
Mercusys AC12G (EU) V1 with firmware AC12G(EU)_V1_200909 returns 128 bytes of uninitialized internal buffer contents when receiving HTTP POST requests to undefined paths, exposing server state to una…
|
CWE-125
Out-of-bounds Read
|
CVE-2026-36613
|
2026-06-5 00:41 |
2026-06-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
954
|
4.3 |
MEDIUM
Adjacent
|
-
|
-
|
Mercusys AC12G (EU) V1 with firmware AC12G(EU)_V1_200909 exposes an undocumented /agileconfigreset endpoint that returns internal buffer contents to unauthenticated attackers on the adjacent network.
|
CWE-200
Information Exposure
|
CVE-2026-36615
|
2026-06-5 00:41 |
2026-06-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
955
|
5.9 |
MEDIUM
Adjacent
|
-
|
-
|
Mercusys AC12G (EU) V1 with firmware AC12G(EU)_V1_200909 contains hardcoded WiFi driver credentials including a RADIUS shared secret, WPS test key, and default PSK embedded in the production firmware…
|
CWE-798
CWE-1188
Use of Hard-coded Credentials
Insecure Default Initialization of Resource
|
CVE-2026-36616
|
2026-06-5 00:41 |
2026-06-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
956
|
4.3 |
MEDIUM
Adjacent
|
-
|
-
|
Mercusys AC12G (EU) V1 with firmware AC12G(EU)_V1_200909 responds to version.bind CHAOS TXT queries, disclosing the DNS resolver software version (unbound 1.22.0), aiding targeted attacks against kno…
|
CWE-200
Information Exposure
|
CVE-2026-36618
|
2026-06-5 00:41 |
2026-06-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
957
|
- |
|
-
|
-
|
FOSSBilling is a free, open-source billing and client management system. Versions prior to 0.8.0 leak the exact system version through asset cache buster parameters in HTML output, bypassing the `hid…
|
CWE-200
Information Exposure
|
CVE-2026-40495
|
2026-06-5 00:41 |
2026-06-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
958
|
- |
|
-
|
-
|
FOSSBilling is a free, open-source billing and client management system. Prior to version 0.8.0, the Redirect module does not validate the URL scheme of administrator-configured destination URLs befo…
|
CWE-601
Open Redirect
|
CVE-2026-43924
|
2026-06-5 00:41 |
2026-06-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
959
|
- |
|
-
|
-
|
FOSSBilling is a free, open-source billing and client management system. Prior to version 0.8.0, the password reset confirmation endpoint `/client/reset-password-confirm/:hash` is handled by a non-AP…
|
CWE-204
CWE-307
Response Discrepancy Information Exposure
mproper Restriction of Excessive Authentication Attempts
|
CVE-2026-43926
|
2026-06-5 00:41 |
2026-06-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
960
|
- |
|
-
|
-
|
GNCC GP5 v7.1.76 was discovered to store sensitive wireless network information in plaintext during routine operations to the serial console. This issue allows physically-proximate attackers to obtai…
|
-
|
CVE-2026-36174
|
2026-06-5 00:41 |
2026-06-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
