CVE-2026-36615 in AC12G
Summary
by MITRE • 06/03/2026
Mercusys AC12G (EU) V1 with firmware AC12G(EU)_V1_200909 exposes an undocumented /agileconfigreset endpoint that returns internal buffer contents to unauthenticated attackers on the adjacent network.
Be aware that VulDB is the high quality source for vulnerability data.
Analysis
by VulDB Data Team • 06/03/2026
This vulnerability resides in the Mercusys AC12G (EU) V1 wireless access point running firmware version AC12G(EU)_V1_200909 which exposes an undocumented administrative endpoint at /agileconfigreset. The flaw represents a classic information disclosure vulnerability where the system fails to properly authenticate requests to this sensitive configuration endpoint, allowing any attacker on the adjacent network to retrieve internal buffer contents without requiring valid credentials. This type of vulnerability falls under CWE-200, which specifically addresses information exposure, and aligns with ATT&CK technique T1213.001 for data from information repositories. The exposure of internal buffer contents can potentially reveal sensitive system information including memory addresses, configuration parameters, or other internal state data that could aid attackers in subsequent exploitation attempts.
The technical implementation of this vulnerability stems from inadequate input validation and access control mechanisms within the web server component of the device. When an attacker sends a request to the undocumented /agileconfigreset endpoint, the system does not properly verify whether the requester has legitimate authorization to access this administrative functionality. This represents a failure in the principle of least privilege and demonstrates poor security by design practices. The adjacent network access requirement suggests that the device does not properly implement network segmentation or firewall rules to restrict access to internal administrative endpoints, making it accessible to any device within the same broadcast domain.
The operational impact of this vulnerability extends beyond simple information disclosure as it provides attackers with potentially valuable reconnaissance data that could be used for further exploitation. Internal buffer contents may contain system configuration details, memory layouts, or other sensitive information that could facilitate more sophisticated attacks such as buffer overflow exploitation or privilege escalation attempts. The fact that this endpoint is undocumented makes it particularly dangerous as network administrators may not be aware of its existence, leaving the device vulnerable to exploitation without proper detection mechanisms. This vulnerability could also enable attackers to gain insights into the device's firmware version and architecture, potentially allowing for targeted attacks against known vulnerabilities in that specific firmware version.
Mitigation strategies should focus on implementing proper access controls and input validation for all administrative endpoints. Network administrators should immediately disable or remove undocumented endpoints where possible, and implement strict authentication requirements for any administrative interfaces. The device should be configured with proper network segmentation to prevent adjacent network access to administrative functions, and firewall rules should be implemented to restrict access to administrative ports and endpoints. Additionally, regular firmware updates should be applied to address known vulnerabilities, and network monitoring should be enhanced to detect unusual access patterns to administrative endpoints. Organizations should also conduct regular security assessments to identify and remediate undocumented or misconfigured administrative interfaces that could pose similar risks. This vulnerability highlights the importance of implementing comprehensive security testing procedures that include both authenticated and unauthenticated access testing to identify potential information disclosure vulnerabilities in network infrastructure devices.