The flaw resides in the handling of UPnP SOAP requests on the router. When a POST request is received on port 1900 without a SOAPAction header, the device returns 128 bytes of uninitialized memory, leaking internal data that could help an attacker gather information about the device or surrounding network. The primary impact is the disclosure of sensitive information; there is no evidence of code execution or privilege escalation. The weakness involves uninitialized reads and unauthorized access to local information (CWE-200).

Mercusys AC12G (EU) V1 running firmware version AC12G(EU)_V1_200909 is the only product explicitly listed as affected. No other products or firmware revisions appear in the advisory; users of newer firmware should verify release notes for potential fixes.

Based on the description, the attack vector is likely local‑network delivery of malformed UPnP POST requests. An attacker can trigger the vulnerability by sending unauthenticated POST traffic on port 1900 without a SOAPAction header, without needing any credentials. Because the flaw is confined to the UPnP port on a local LAN segment, the risk is limited to devices within the same network. The EPSS score is not available, so the likelihood of exploitation cannot be quantified. The vulnerability is not listed in the CISA KEV catalog. However, the disclosed memory contents might aid reconnaissance or credential‑guessing, giving the flaw some value in a focused local‑network attack scenario.