A vulnerability was found in Mercusys AC12G . It has been classified as very critical . Affected is the function AddPortMapping/GetExternalIPAddress of the component Admin Interface . This manipulation causes Remote Code Execution. This vulnerability is handled as CVE-2026-36603 . The attack can only be done within the local network. There is not any exploit available.