


Perceptive Security
SOC/SIEM Consultancy

Mercusys AC12G (EU) V1 router with firmware AC12G(EU)_V1_200909 encrypts configuration backups with a hardcoded DES key using single DES in ECB mode. An attacke…
Published:
2 June 2026 at 22:00:00
Alert date:
3 June 2026 at 20:02:27
Source:
nvd.nist.gov
Mobile & IoT, Network Infrastructure
The Mercusys AC12G (EU) V1 router with firmware AC12G(EU)_V1_200909 contains a critical vulnerability: configuration backups are encrypted with a hardcoded DES key, using single DES in ECB mode. Attackers who obtain backup files can decrypt them and recover sensitive credentials. The vulnerability exposes admin passwords, WiFi pre-shared keys (PSK), and DDNS credentials. Hardcoding the encryption key is a fundamental design flaw that compromises the confidentiality of the router's configuration data.
Technical details
Affected products:
Mercusys AC12G
Related links:
https://nvd.nist.gov/vuln/detail/CVE-2026-36606
https://github.com/Tymbark7372/MERCUSYS-AC12G/blob/master/advisories/CVE-2026-36606.md
This article was created with the assistance of AI technology by Perceptive.
