CVE-2026-36608EPSS p7.8%

CVE-2026-36608CVE-2026-36608

Description

Mercusys AC12G (EU) V1 router with firmware AC12G(EU)_V1_200909 allows UPnP AddPortMapping to forward external ports to the router's own admin interface by accepting its own IP (192.168.1.1) or localhost (127.0.0.1) as InternalClient. An unauthenticated LAN attacker can expose the admin panel to the internet with a single SOAP request.

Scoring

CVSS 8.8 ()
VectorCVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS0.18% probability of exploitation · percentile 7.8% · 2026-06-18T12:00:27Z
Last modified2026-06-04

Related by meaning· 6

Nearest entities by semantic similarity across the cs-graph corpus.

CVE
CVE-2026-36603
CVE
CVE-2026-36611
CVE
CVE-2026-36602
CVE
CVE-2026-36604
CVE
CVE-2026-36615
CVE
CVE-2026-36613
Sourced from NVD + FIRST.org EPSS. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.