CVE-2026-36613

CVSS v3.1

4.3

Medium

Vector

AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Mercusys AC12G (EU) V1 with firmware AC12G(EU) V1 200909 returns 128 bytes of uninitialized internal buffer contents when receiving HTTP POST requests to undefined paths, exposing server state to unauthenticated adjacent network attackers.

Exploit

Fix

Out of bounds Read

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-125

Related Identifiers

CVE-2026-36613

Affected Products

Undefined

CVE-2026-36613

Weakness Enumeration

Related Identifiers

Affected Products

References · 2