CVE-2026-36615

Published June 3rd, 2026

View on NVD ↗

CVSS v3

4.3

MEDIUM

CVSS v2

N/A

Affected

PROJECT

Description

Mercusys AC12G (EU) V1 with firmware AC12G(EU)_V1_200909 exposes an undocumented /agileconfigreset endpoint that returns internal buffer contents to unauthenticated attackers on the adjacent network.

Tymbark7372/MERCUSYS-AC12G

15 CVEs in Mercusys AC12G (EU) V1 - 2 Critical, 4 High, 8 Medium, 1 Low

GitHub