By weakness (CWE)
CWE-350: related vulnerabilities
CVEs classified under CWE-350. Understanding the weakness class helps prioritize systemic fixes over one-off patches.
1 published vulnerability
- CVE-2026-36604MEDIUM 6.5
A Mercusys AC12G (EU) V1 router running firmware version AC12G(EU)_V1_200909 fails to validate the HTTP Host header in requests, creating an opening for DNS rebinding attacks. When an attacker controls a domain, they can redirect that domain to the router's internal IP address. The router's existing CORS misconfiguration (which already allows requests from any origin) amplifies this weakness, permitting the attacker to extract sensitive information from the router's web interface as if the request came from a trusted source. This vulnerability requires user interaction—typically visiting a malicious website—but does not require authentication.