CVE-2026-36611EPSS p13.7%

CVE-2026-36611CVE-2026-36611

Description

Mercusys AC12G (EU) V1 with firmware AC12G(EU)_V1_200909 returns 128 bytes of uninitialized buffer when receiving POST requests without SOAPAction header on UPnP port 1900, exposing internal memory to unauthenticated adjacent network attackers.

Scoring

CVSS 7.3 ()
VectorCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
EPSS0.23% probability of exploitation · percentile 13.7% · 2026-06-19T12:03:05Z
Last modified2026-06-04

Related by meaning· 6

Nearest entities by semantic similarity across the cs-graph corpus.

CVE
CVE-2026-36613
CVE
CVE-2026-36608
CVE
CVE-2026-36603
CVE
CVE-2026-36615
CVE
CVE-2026-36602
CVE
CVE-2026-36605
Sourced from NVD + FIRST.org EPSS. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.