Description
Mercusys AC12G (EU) V1 with firmware AC12G(EU)_V1_200909 exposes an undocumented /agileconfigreset endpoint that returns internal buffer contents to unauthenticated attackers on the adjacent network.
Published: 2026-06-03
Score: 4.3 Medium
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

An undocumented endpoint, /agileconfigreset, in the Mercusys AC12G (EU) V1 firmware reveals internal buffer contents when accessed by an unauthenticated client on the same network. The returned data can include sensitive configuration information and potentially expose authentication credentials or other proprietary information. Because no authentication is required, an attacker who can reach the device locally can read this data and potentially use it for further exploitation.

Affected Systems

Mercusys AC12G (EU) V1 running firmware AC12G(EU)_V1_200909. The flaw is specific to this version of the firmware; no other affected versions are mentioned in the advisory.

Risk and Exploitability

The CVSS score is 4.3, the EPSS score is not available, and the vulnerability is not in the CISA KEV catalog. The lack of authentication combined with the leakage of internal buffer data makes this a serious information‑disclosure risk that is exploitable from any host on the adjacent local network. An attacker needs only network access and no credentials to trigger the vulnerability, implying high operational risk for devices in untrusted networks.

Generated by OpenCVE AI on June 3, 2026 at 20:52 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Update the device firmware to a version that removes or disables the /agileconfigreset endpoint, once the vendor provides one
  • Configure network segmentation or firewall rules to block local‑network access to the device’s web interface
  • Apply a local host block or port filter to deny unauthenticated access to the /agileconfigreset endpoint

Advisories

No advisories yet.

History

Fri, 05 Jun 2026 10:45:00 +0000

Type | Values Removed | Values Added
First Time appeared | | Mercusys; Mercusys ac12g
Vendors & Products | | Mercusys; Mercusys ac12g

Wed, 03 Jun 2026 21:15:00 +0000

Type | Values Removed | Values Added
Title | | Undocumented /agileconfigreset Endpoint Reveals Internal Buffer Contents to Unauthenticated Network Attacks

Wed, 03 Jun 2026 19:15:00 +0000

Type | Values Removed | Values Added
Metrics | | cvssV3_1: {'score': 4.3, 'vector': 'CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N'}
 | | ssvc: {'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Wed, 03 Jun 2026 18:45:00 +0000

Type | Values Removed | Values Added
Title | | Undocumented /agileconfigreset Endpoint Reveals Internal Buffer Contents to Unauthenticated Network Attacks
Weaknesses | | CWE-200

Wed, 03 Jun 2026 17:45:00 +0000

Type | Values Removed | Values Added
Description | | Mercusys AC12G (EU) V1 with firmware AC12G(EU)_V1_200909 exposes an undocumented /agileconfigreset endpoint that returns internal buffer contents to unauthenticated attackers on the adjacent network.
References | |

MITRE

Status: PUBLISHED

Assigner: mitre

Published:

Updated: 2026-06-03T18:37:35.433Z

Reserved: 2026-04-06T00:00:00.000Z

Link: CVE-2026-36615

Vulnrichment

Updated: 2026-06-03T18:37:28.959Z

NVD

Status: Deferred

Published: 2026-06-03T18:16:22.750

Modified: 2026-06-04T15:41:35.193

Link: CVE-2026-36615

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-06-05T10:12:20Z

Weaknesses
  • CWE-200

    Exposure of Sensitive Information to an Unauthorized Actor