top of page
perceptive_background_267k.jpg

Mercusys AC12G (EU) V1 router with firmware AC12G(EU)_V1_200909 encrypts configuration backups with a hardcoded DES key using single DES in ECB mode. An attackeā€¦

Published:

2 June 2026 at 22:00:00

Alert date:

3 June 2026 at 20:02:27

Source:

nvd.nist.gov

Click to open the original link from this advisory

Mobile & IoT, Network Infrastructure

Mercusys AC12G (EU) V1 router with firmware AC12G(EU)_V1_200909 contains a critical security vulnerability where configuration backups are encrypted using a hardcoded DES key with single DES in ECB mode. This weak encryption implementation allows attackers who obtain backup files to decrypt them and recover sensitive credentials. The vulnerability exposes admin passwords, WiFi pre-shared keys (PSK), and DDNS credentials. The use of hardcoded encryption keys represents a fundamental security design flaw that compromises the confidentiality of router configuration data.

Technical details

Mitigation steps:

Affected products:

Mercusys AC12G

Related links:

https://nvd.nist.gov/vuln/detail/CVE-2026-36606
https://github.com/Tymbark7372/MERCUSYS-AC12G/blob/master/advisories/CVE-2026-36606.md

Related CVE's:

Related threat actors:

IOC's:

This article was created with the assistance of AI technology by Perceptive.

About us

© 2025 by Perceptive Security. All rights reserved.

email: info@perceptivesecurity.com

Disclaimer: Deze website toont informatie afkomstig van externe bronnen. Perceptive aanvaardt geen verantwoordelijkheid voor de inhoud, juistheid of volledigheid van deze informatie.

bottom of page