CVE-2026-36612
6.4 MEDIUMMercusys AC12G (EU) V1 with firmware AC12G(EU)_V1_200909 enables WPS 2.0 by default with a weak lockout policy (60-second lockout after 1...
Published: 2026-06-03 · Last updated: 2026-06-04
Severity and scoring
- CVSS
- 6.4 MEDIUM
- Vector
- CVSS:3.1/AV:A/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N
- CWE
- CWE-1188, CWE-307
Description
Mercusys AC12G (EU) V1 with firmware AC12G(EU)_V1_200909 enables WPS 2.0 by default with a weak lockout policy (60-second lockout after 10 attempts).
Source: NVD
References
Related CVEs
Same CWE
- CVE-2026-46517 — LMDeploy is a toolkit for compressing, deploying, and serving large language models (7.8 HIGH)
- CVE-2026-43926 — FOSSBilling is a free, open-source billing and client management system
- CVE-2026-36616 — Mercusys AC12G (EU) V1 with firmware AC12G(EU)_V1_200909 contains hardcoded WiFi driver credentials including a RADIUS shared secret, WPS... (5.9 MEDIUM)
- CVE-2026-36607 — Mercusys AC12G (EU) V1 router with firmware AC12G(EU)_V1_200909 allows unauthenticated brute-force attacks via the TDDP password change e... (8.8 HIGH)
- CVE-2026-44825 — Hardcoded credentials in the Basic Authentication setup tool (bin/solr auth enable) in Apache Solr versions 9.4.0 through 9.10.1 and 10.0... (8.1 HIGH)