A vulnerability classified as problematic was found in Mercusys AC12G . Impacted is an unknown function of the component TDDP Password Change Endpoint . Such manipulation leads to improper restriction of excessive authentication attempts. This vulnerability is documented as CVE-2026-36607 . The attack requires being on the local network. There is not any exploit available.