Impact
The device’s DNS resolver improperly answers version.bind CHAOS TXT queries, revealing the underlying software version (Unbound 1.22.0). This is an information‑exposure flaw: the disclosure lets an attacker determine whether the resolver is running a version with known, exploitable weaknesses, which enables more targeted attacks and can help confirm the presence of other security gaps. Based on the description, it is inferred that an attacker may leverage this information to locate and exploit known vulnerabilities in Unbound 1.22.0.
Affected Systems
The affected product is Mercusys AC12G (EU) version 1, running firmware AC12G(EU)_V1_200909. No other affected vendors or versions were identified in the advisory. The vulnerability is specific to this firmware build, where the DNS resolver responds to version.bind CHAOS TXT queries with the Unbound 1.22.0 version string.
Risk and Exploitability
The CVSS score reported is 4.3, indicating moderate severity, and the lack of a patch means the flaw remains exploitable. The EPSS score is not available, and the vulnerability is not listed in CISA KEV, suggesting it may not be actively exploited yet. The likely attack vector is remote, as any external DNS query can trigger the disclosure. An attacker could employ the exposed version information to research and exploit known vulnerabilities in Unbound 1.22.0, such as known memory corruption or denial‑of‑service bugs. Because the resolver is exposed to the Internet, the exploitability conditions are straightforward: send a CHAOS TXT query to the device’s DNS service and capture the response.
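To audit a resolver you administer for the disclosure described above, the following added example (not part of the advisory or any vendor code) builds the version.bind CHAOS TXT query and decides from the response whether a version string is returned. The function names and the two sample responses are constructed for illustration; the "hardened" sample is modelled as a REFUSED reply, which is an assumption.

```python
import socket
import struct

CH, TXT = 3, 16  # DNS class CHAOS and record type TXT

def build_query(txid=0x1234, name="version.bind"):  # <name> CH TXT, RD flag clear
    qname = b"".join(bytes([len(p)]) + p.encode() for p in name.split(".")) + b"\x00"
    return struct.pack(">HHHHHH", txid, 0, 1, 0, 0, 0) + qname + struct.pack(">HH", TXT, CH)

def skip_name(msg, off):  # offset just past a (possibly compressed) name
    while msg[off] != 0:
        if msg[off] & 0xC0 == 0xC0:  # a compression pointer is 2 bytes and ends the name
            return off + 2
        off += 1 + msg[off]
    return off + 1

def chaos_txt_answers(msg):  # -> (rcode, [TXT strings in class CH])
    _, flags, qd, an, _, _ = struct.unpack(">HHHHHH", msg[:12])
    off = 12
    for _ in range(qd):
        off = skip_name(msg, off) + 4  # skip QTYPE + QCLASS
    texts = []
    for _ in range(an):
        off = skip_name(msg, off)
        rtype, rclass, _, rdlen = struct.unpack(">HHIH", msg[off:off + 10])
        rdata, off = msg[off + 10:off + 10 + rdlen], off + 10 + rdlen
        if (rtype, rclass) == (TXT, CH):
            i, parts = 0, []
            while i < len(rdata):  # TXT rdata is a run of length-prefixed strings
                parts.append(rdata[i + 1:i + 1 + rdata[i]])
                i += 1 + rdata[i]
            texts.append(b"".join(parts).decode("ascii", "replace"))
    return flags & 0x000F, texts

def discloses_version(msg):
    rcode, texts = chaos_txt_answers(msg)
    return rcode == 0 and any(t.strip() for t in texts)

def check_resolver(ip, timeout=2.0):  # live check over UDP/53 for a device you manage
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(build_query(), (ip, 53))
        return discloses_version(s.recv(512))

# Constructed sample responses (not captured from a device).
_Q = build_query()[12:]
LEAKY = (struct.pack(">HHHHHH", 0x1234, 0x8080, 1, 1, 0, 0) + _Q + b"\xc0\x0c"
         + struct.pack(">HHIH", TXT, CH, 0, 15) + b"\x0eunbound 1.22.0")
REFUSED = struct.pack(">HHHHHH", 0x1234, 0x8085, 1, 0, 0, 0) + _Q
```

On a resolver whose unbound.conf you control, `hide-version: yes` is the setting that suppresses this answer; the advisory does not say whether the AC12G firmware exposes it.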