This vulnerability affects the Mercusys AC12G (EU) V1 router running firmware AC12G(EU)_V1_200909. The device encrypts configuration backups using a hardcoded DES key with single DES in ECB mode, which is cryptographically weak. An attacker with access to a backup file can decrypt it to extract all stored credentials, including the administrator password, WiFi pre-shared key, and DDNS credentials. No patch or official remediation information is currently available, and no known exploits are reported in the wild.

The impact is the exposure of all stored credentials in the router's configuration backup files. This includes the administrative password, WiFi PSK, and DDNS credentials, which could allow unauthorized access to the router and associated network services if an attacker obtains a backup file. The vulnerability compromises confidentiality of sensitive authentication data.

Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Until a fix is available, avoid distributing or storing configuration backup files in insecure locations. Limit access to backup files to trusted personnel only. Monitor vendor communications for updates on patches or firmware upgrades addressing this issue.