Description
Mercusys AC12G (EU) V1 with firmware AC12G(EU)_V1_200909 contains hardcoded WiFi driver credentials including a RADIUS shared secret, WPS test key, and default PSK embedded in the production firmware binary.
Published: 2026-06-03
Score: 5.9 Medium
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The firmware of the Mercusys AC12G (EU) V1 embeds WiFi driver credentials, including a RADIUS shared secret, a WPS test key, and a default pre‑shared key. Based on the description, it is inferred that an attacker with wireless access can use these hard‑coded secrets to authenticate to the device’s WiFi network and then interact with the router or the local subnet. This compromise can lead to interception of wireless traffic, alteration of network policies, and potential use of the router as a foothold for further attacks on the local network. The CVSS score of 5.9 marks this as a moderate‑risk flaw.

Affected Systems

Mercusys AC12G (EU) V1 firmware version AC12G(EU)_V1_200909 is affected. No other vendor or product variants were disclosed in the advisory.

Risk and Exploitability

The EPSS score of <1% indicates a very low probability of exploitation, and the flaw is not listed in CISA’s KEV catalog. The CVSS score of 5.9 denotes moderate severity. Based on the description, the attacker must be within wireless range of the device to utilize the hard‑coded credentials. Once connected, the attacker can access the router’s management interface or local network resources, achieving both network access and the potential for administrative control in a single step.

Generated by OpenCVE AI on June 4, 2026 at 15:55 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Install the latest firmware that removes the hard‑coded credentials, if a vendor update is available
  • If no update exists, immediately change the WiFi SSID, WPA2/WPA3 passphrase, and default administrative passwords, and disable WPS to eliminate the exposed credentials
  • Regularly monitor network traffic for unauthorized connections and consider isolating the router from critical assets until a vendor fix is released

Advisories

No advisories yet.

History

Fri, 05 Jun 2026 10:45:00 +0000

Type Values Removed Values Added
First Time appeared Mercusys
Mercusys ac12g
Vendors & Products Mercusys
Mercusys ac12g

Thu, 04 Jun 2026 16:15:00 +0000

Type Values Removed Values Added
Title Hardcoded WiFi Credentials in Mercusys AC12G Firmware

Thu, 04 Jun 2026 13:30:00 +0000

Type Values Removed Values Added
Weaknesses CWE-1188
Metrics cvssV3_1

{'score': 5.9, 'vector': 'CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:N'}

ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Wed, 03 Jun 2026 18:45:00 +0000

Type Values Removed Values Added
Title Hardcoded WiFi Credentials in Mercusys AC12G Firmware
Weaknesses CWE-798

Wed, 03 Jun 2026 17:45:00 +0000

Type Values Removed Values Added
Description Mercusys AC12G (EU) V1 with firmware AC12G(EU)_V1_200909 contains hardcoded WiFi driver credentials including a RADIUS shared secret, WPS test key, and default PSK embedded in the production firmware binary.

References

MITRE

Status: PUBLISHED

Assigner: mitre

Published:

Updated: 2026-06-04T12:31:53.158Z

Reserved: 2026-04-06T00:00:00.000Z

Link: CVE-2026-36616

Vulnrichment

Updated: 2026-06-04T12:31:48.304Z

NVD

Status: Deferred

Published: 2026-06-03T18:16:22.887

Modified: 2026-06-04T15:41:35.193

Link: CVE-2026-36616

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-06-05T10:12:18Z

Weaknesses
  • CWE-1188

    Initialization of a Resource with an Insecure Default

  • CWE-798

    Use of Hard-coded Credentials