Description
Mercusys AC12G (EU) V1 with firmware AC12G(EU)_V1_200909 enables WPS 2.0 by default with a weak lockout policy (60-second lockout after 10 attempts).
Published: 2026-06-03
Score: 6.4 Medium
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The vulnerability in Mercusys AC12G firmware enables WPS 2.0 by default with a weak lockout policy: after ten wrong attempts a 60‑second delay is enforced before a next attempt. This allows an attacker to perform repeated Wi‑Fi protected setup authentications without a prohibitively long wait, making brute‑force attacks feasible and potentially granting unauthorized network access. The weakness is related to an inadequate authentication timeout policy (CWE‑307) and a weak lockout implementation (CWE‑1188). The CVSS score of 6.4 indicates a moderate severity for the vulnerability.

Affected Systems

Mercusys AC12G (EU) V1 routers running firmware version AC12G(EU)_V1_200909 are impacted by the default WPS configuration that permits rapid repeated authentication attempts.

Risk and Exploitability

The CVSS score of 6.4 indicates a moderate severity, and the EPSS score of < 1% suggests a low but non-zero likelihood of exploitation. The vulnerability is not listed in the CISA KEV catalog at this time. The likely attack vector is via the local wireless interface or any device connected to the router’s Wi‑Fi network. An attacker with local network access can brute‑force WPS credentials in a short period, leading to potential unauthorized network access.

Generated by OpenCVE AI on June 4, 2026 at 15:29 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Update the router to the latest firmware that disables WPS by default or implements a stricter lockout policy
  • Disable WPS entirely in the router’s administration interface
  • Change the Wi‑Fi network password to a strong, unique value

Generated by OpenCVE AI on June 4, 2026 at 15:29 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Fri, 05 Jun 2026 10:45:00 +0000

Type Values Removed Values Added
First Time appeared Mercusys
Mercusys ac12g
Vendors & Products Mercusys
Mercusys ac12g

Thu, 04 Jun 2026 15:45:00 +0000

Type Values Removed Values Added
Title WPS 2.0 Weak Lockout Policy Enables Brute‑Force Attacks

Thu, 04 Jun 2026 13:30:00 +0000

Type Values Removed Values Added
Weaknesses CWE-1188
Metrics cvssV3_1

{'score': 6.4, 'vector': 'CVSS:3.1/AV:A/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N'}

ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Wed, 03 Jun 2026 18:45:00 +0000

Type Values Removed Values Added
Title WPS 2.0 Weak Lockout Policy Enables Brute‑Force Attacks
Weaknesses CWE-307

Wed, 03 Jun 2026 17:45:00 +0000

Type Values Removed Values Added
Description Mercusys AC12G (EU) V1 with firmware AC12G(EU)_V1_200909 enables WPS 2.0 by default with a weak lockout policy (60-second lockout after 10 attempts).
References

Subscriptions

Mercusys Ac12g
cve-icon MITRE

Status: PUBLISHED

Assigner: mitre

Published:

Updated: 2026-06-04T12:33:06.198Z

Reserved: 2026-04-06T00:00:00.000Z

Link: CVE-2026-36612

cve-icon Vulnrichment

Updated: 2026-06-04T12:33:00.914Z

cve-icon NVD

Status : Deferred

Published: 2026-06-03T18:16:22.487

Modified: 2026-06-04T15:41:35.193

Link: CVE-2026-36612

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-06-05T10:12:22Z

Weaknesses
  • CWE-1188

    Initialization of a Resource with an Insecure Default

  • CWE-307

    Improper Restriction of Excessive Authentication Attempts