By weakness (CWE)
CWE-523: related vulnerabilities
CVEs classified under CWE-523. Understanding the weakness class helps prioritize systemic fixes over one-off patches.
1 published vulnerability
- CVE-2026-36610MEDIUM 5.9
Mercusys AC12G (EU) V1 routers with firmware version AC12G(EU)_V1_200909 transmit Dynamic DNS (DDNS) credentials using only Base64 encoding over unencrypted HTTP connections. Base64 is not encryption—it's merely encoding and can be trivially decoded by anyone observing network traffic. Because the firmware lacks TLS/SSL support entirely, an attacker positioned on the network path can intercept and recover DDNS service credentials, potentially compromising the domain name update service tied to the affected router.