|
2871
|
6.5 |
MEDIUM
Network
|
-
|
-
|
Mercusys AC12G (EU) V1 router with firmware AC12G(EU)_V1_200909 does not validate the HTTP Host header, enabling DNS rebinding attacks. An external attacker can rebind a domain to the router's intern…
|
CWE-350
Reliance on Reverse DNS Resolution for a Security-Critical Action
|
CVE-2026-36604
|
2026-06-5 00:41 |
2026-06-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2872
|
6.5 |
MEDIUM
Adjacent
|
-
|
-
|
Mercusys AC12G (EU) V1 router with firmware AC12G(EU)_V1_200909 is vulnerable to a HTTP denial of service via a low number of crafted incomplete HTTP requests, causing a persistent crash that require…
|
CWE-400
Uncontrolled Resource Consumption
|
CVE-2026-36605
|
2026-06-5 00:41 |
2026-06-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2873
|
7.1 |
HIGH
Local
|
-
|
-
|
Mercusys AC12G (EU) V1 router with firmware AC12G(EU)_V1_200909 encrypts configuration backups with a hardcoded DES key using single DES in ECB mode. An attacker who obtains a backup file can decrypt…
|
CWE-798
Use of Hard-coded Credentials
|
CVE-2026-36606
|
2026-06-5 00:41 |
2026-06-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2874
|
8.8 |
HIGH
Adjacent
|
-
|
-
|
Mercusys AC12G (EU) V1 router with firmware AC12G(EU)_V1_200909 allows unauthenticated brute-force attacks via the TDDP password change endpoint (code=10), which lacks the rate limiting applied to th…
|
CWE-307
mproper Restriction of Excessive Authentication Attempts
|
CVE-2026-36607
|
2026-06-5 00:41 |
2026-06-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2875
|
8.8 |
HIGH
Adjacent
|
-
|
-
|
Mercusys AC12G (EU) V1 router with firmware AC12G(EU)_V1_200909 allows UPnP AddPortMapping to forward external ports to the router's own admin interface by accepting its own IP (192.168.1.1) or local…
|
CWE-441
Confused Deputy
|
CVE-2026-36608
|
2026-06-5 00:41 |
2026-06-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2876
|
7.3 |
HIGH
Network
|
-
|
-
|
Mercusys AC12G (EU) V1 router with firmware AC12G(EU)_V1_200909 uses a static authentication nonce that does not change between requests from the same source IP. Combined with the predictable XOR-bas…
|
CWE-327
CWE-341
Use of a Broken or Risky Cryptographic Algorithm
Predictable from Observable State
|
CVE-2026-36609
|
2026-06-5 00:41 |
2026-06-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2877
|
5.9 |
MEDIUM
Network
|
-
|
-
|
Mercusys AC12G (EU) V1 with firmware AC12G(EU)_V1_200909 transmits DDNS credentials over plaintext HTTP with only Base64 encoding. The firmware contains no TLS implementation, allowing man-in-the-mid…
|
CWE-319
CWE-523
Cleartext Transmission of Sensitive Information
Unprotected Transport of Credentials
|
CVE-2026-36610
|
2026-06-5 00:41 |
2026-06-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2878
|
7.3 |
HIGH
Network
|
-
|
-
|
Mercusys AC12G (EU) V1 with firmware AC12G(EU)_V1_200909 returns 128 bytes of uninitialized buffer when receiving POST requests without SOAPAction header on UPnP port 1900, exposing internal memory t…
|
CWE-200
Information Exposure
|
CVE-2026-36611
|
2026-06-5 00:41 |
2026-06-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2879
|
6.4 |
MEDIUM
Adjacent
|
-
|
-
|
Mercusys AC12G (EU) V1 with firmware AC12G(EU)_V1_200909 enables WPS 2.0 by default with a weak lockout policy (60-second lockout after 10 attempts).
|
CWE-307
CWE-1188
mproper Restriction of Excessive Authentication Attempts
Insecure Default Initialization of Resource
|
CVE-2026-36612
|
2026-06-5 00:41 |
2026-06-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2880
|
4.3 |
MEDIUM
Adjacent
|
-
|
-
|
Mercusys AC12G (EU) V1 with firmware AC12G(EU)_V1_200909 returns 128 bytes of uninitialized internal buffer contents when receiving HTTP POST requests to undefined paths, exposing server state to una…
|
CWE-125
Out-of-bounds Read
|
CVE-2026-36613
|
2026-06-5 00:41 |
2026-06-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
