CVE-2026-36616

Mercusys AC12G EU V1 with firmware AC12GEUV1200909 contains hardcoded WiFi driver credentials including a RADIUS shared secret, WPS test key, and default PSK embedded in the production firmware binary...

CVE-2026-36607

Mercusys AC12G (EU) V1 router, firmware AC12G(EU)_V1_200909, is affected by CVE-2026-36607. The TDDP password change endpoint (code=10) allows unauthenticated brute-force attempts without rate limiting, unlike the login endpoint (code=7). An attacker on an adjacent network can attempt unlimited p...

TRENDnet TEW-411BRPplus Command Injection Vulnerability

The TRENDnet TEW-411BRPplus is a wireless router from Trendnet, Inc. A command injection vulnerability exists in the TRENDnet TEW-411BRPplus version v.2.07eu, which originates from a vulnerability that allows a local attacker to execute arbitrary code via the data1 parameter in the debug.cgi page...

D-Link DIR-868L 安全漏洞

The D-Link DIR-868L is a wireless router from China-based AUO D-Link. A security vulnerability exists in the D-Link DIR-868L fwrevA1-12eumulti20170316 version, which originates from a buffer overflow contained in the fgets function in the param2 parameter of the inetntoa function...

Cross site scripting

Multiple Cross-Site Scripting XSS issues in the web interface on DASAN Zhone ZNID GPON 2426A EU version S3.1.285 devices allow a remote attacker to execute arbitrary JavaScript via manipulation of an unsanitized GET parameter: /zhndnsdisplay.cmd name, /wlsecrefresh.wl wlWscCfgMethod, wlwscreg...

D-Link DSL-3782 Code Execution Vulnerability

The D-Link DSL-3782 is a wireless router product from AUO D-Link. A security vulnerability exists in the D-Link DSL-3782 EU version 1.01. The vulnerability can be exploited by an attacker to cause memory corruption, potentially redirecting program flow and executing arbitrary code...