CVE-2026-36610

Name of the Vulnerable Software and Affected Versions Mercusys AC12G (EU) V1 version AC12G(EU) V1 200909

Description The device transmits DDNS credentials over plaintext HTTP using only Base64 encoding. Because the firmware lacks a TLS (Transport Layer Security) implementation—a protocol designed to provide communications security over a computer network—an attacker can perform a man-in-the-middle interception to steal DDNS service credentials.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.