A vulnerability, which was classified as critical , has been found in Mercusys AC12G . The affected element is an unknown function of the component DDNS Service . Performing a manipulation results in channel accessible by non-endpoint. This vulnerability is reported as CVE-2026-36610 . The attacker must have access to the local network to execute the attack. No exploit exists.