9088 matches found
CVE-2026-36608
Mercusys AC12G EU V1 router with firmware AC12GEUV1200909 allows UPnP AddPortMapping to forward external ports to the router's own admin interface by accepting its own IP 192.168.1.1 or localhost 127.0.0.1 as InternalClient. An unauthenticated LAN attacker can expose the admin panel to the intern...
CVE-2026-36603
Mercusys AC12G EU V1 router with firmware AC12GEUV1200909 exposes 15 of 18 UPnP IGD actions without authentication on port 1900, including AddPortMapping and GetExternalIPAddress. UPnP is enabled by default through the admin interface, allowing any unauthenticated LAN device to create arbitrary...
PT-2026-45990
Name of the Vulnerable Software and Affected Versions Mercusys AC12G EU V1 version AC12GEU V1 200909 Description The UPnP GetStatusInfo action discloses kernel memory layout. An unauthenticated attacker on the adjacent network can obtain a raw MIPS KSEG0 kernel pointer, which reveals the kernel...
VulnCheck KEV: CVE-2021-27137
DD-WRT router firmware before changeset 45723 contains a stack buffer overflow vulnerability in the UPnP service that allows remote attackers to execute arbitrary code by sending specially crafted M-SEARCH requests with oversized ST:uuid values via UDP port 1900. Attackers can exploit this...
Mercusys AC12G 安全漏洞
The Mercusys AC12G is a Gigabit wireless router produced by the Chinese company Mercusys. The Mercusys AC12G EU V1 AC12G EU V1 version has a security vulnerability. This vulnerability stems from UPnP AddPortMapping accepting internal IP addresses, which may allow unauthenticated LAN attackers to...
Mercusys AC12G 安全漏洞
The Mercusys AC12G is a Gigabit wireless router produced by the Chinese company Mercusys. The Mercusys AC12G EU V1 AC12G EU V1 version released in September 2009 contained security vulnerabilities. These vulnerabilities were caused by the UPnP GetStatusInfo operation, which disclosed the kernel...
Mercusys AC12G 安全漏洞
The Mercusys AC12G is a Gigabit wireless router produced by the Chinese company Mercusys. There are security vulnerabilities in the Mercusys AC12G EU V1 and Mercusys AC12G EU V1 version released in September 2009. These vulnerabilities stem from the UPnP port 1900, where POST requests are receive...
EUVD-2026-34142
Mercusys AC12G EU V1 router with firmware AC12GEUV1200909 exposes 15 of 18 UPnP IGD actions without authentication on port 1900, including AddPortMapping and GetExternalIPAddress. UPnP is enabled by default through the admin interface, allowing any unauthenticated LAN device to create arbitrary...
PT-2026-45996
Mercusys AC12G EU V1 router with firmware AC12GEU V1 200909 allows UPnP AddPortMapping to forward external ports to the router's own admin interface by accepting its own IP 192.168.1.1 or localhost 127.0.0.1 as InternalClient. An unauthenticated LAN attacker can expose the admin panel to the...
CVE-2026-36603
Mercusys AC12G (EU) V1 router (firmware AC12G(EU)_V1_200909) is affected by a UPnP IGD issue: 15 of 18 UPnP actions are exposed without authentication on port 1900, with UPnP enabled by default via the admin interface. This allows any unauthenticated LAN device to create arbitrary port forwarding...
CVE-2026-36602
CVE-2026-36602 affects the Mercusys AC12G (EU) V1 router with firmware AC12G(EU)_V1_200909. The issue arises in UPnP GetStatusInfo handling, which discloses kernel memory layout. An unauthenticated attacker on an adjacent network can obtain a raw MIPS KSEG0 kernel pointer, exposing kernel memory ...
CVE-2026-3870
A buffer overflow vulnerability in the UPnP AddPortMapping command in Zyxel VMG4005-B50B firmware versions through 5.13ABRL.5.4C0 could allow an adjacent attacker to trigger a temporary denial-of-service DoS condition affecting the UPnP function of the affected device...
CVE-2026-3871
A buffer overflow vulnerability in the UPnP DeletePortMapping command in Zyxel VMG4005-B50B firmware versions through 5.13ABRL.5.4C0 could allow an adjacent attacker to trigger a temporary denial-of-service DoS condition affecting the UPnP function of the affected device...
EUVD-2026-33873
A buffer overflow vulnerability in the UPnP AddPortMapping command in Zyxel VMG4005-B50B firmware versions through 5.13ABRL.5.4C0 could allow an adjacent attacker to trigger a temporary denial-of-service DoS condition affecting the UPnP function of the affected device...
CVE-2026-3870
A buffer overflow vulnerability in the UPnP AddPortMapping command in Zyxel VMG4005-B50B firmware versions through 5.13ABRL.5.4C0 could allow an adjacent attacker to trigger a temporary denial-of-service DoS condition affecting the UPnP function of the affected device...
PT-2026-45689
A buffer overflow vulnerability in the UPnP DeletePortMapping command in Zyxel VMG4005-B50B firmware versions through 5.13ABRL.5.4C0 could allow an adjacent attacker to trigger a temporary denial-of-service DoS condition affecting the UPnP function of the affected device...
PT-2026-45688
A buffer overflow vulnerability in the UPnP AddPortMapping command in Zyxel VMG4005-B50B firmware versions through 5.13ABRL.5.4C0 could allow an adjacent attacker to trigger a temporary denial-of-service DoS condition affecting the UPnP function of the affected device...
Zyxel VMG4005-B50B 安全漏洞
The Zyxel VMG4005-B50B is a VDSL2/ADSL2+ broadband modem produced by the Chinese company Zyxel. The firmware version 5.13ABRL.5.4C0 and earlier contain security vulnerabilities. These vulnerabilities stem from a buffer overflow in the UPnP AddPortMapping command, which could allow adjacent...
Zyxel VMG4005-B50B 安全漏洞
Zyxel VMG4005-B50B is a network device firmware designed for managing the network functions and configurations of Zyxel VMG4005-B50B router devices. There is a buffer overflow vulnerability present in Zyxel VMG4005-B50B. This vulnerability stems from the UPnP DeletePortMapping command failing to...
Learn from Your Mistakes: Tree-Like Self-Play for Secure Code LLMs
While Large Language Models LLMs excel in code generation, they remain prone to replicating subtle yet critical vulnerabilities endemic to their training data. Current alignment techniques, such as Supervised Fine-Tuning SFT and Reinforcement Learning RL, typically apply coarse-grained optimizati...