This vulnerability affects Mercusys AC12G (EU) V1 routers running firmware AC12G(EU)_V1_200909, where WPS 2.0 is enabled by default with a weak lockout policy. The lockout mechanism only enforces a 60-second delay after 10 failed attempts, which is considered insufficient to prevent brute-force attacks on the WPS PIN. The CVSS 3.1 vector indicates the attack requires adjacent network access with high attack complexity, no privileges, and user interaction. The vulnerability impacts confidentiality and integrity but does not affect availability. No known exploits are reported in the wild, and no patch or official fix has been disclosed.

The vulnerability allows an attacker with adjacent network access to attempt multiple WPS PIN guesses due to a weak lockout policy, potentially compromising the confidentiality and integrity of the device or network. There is no impact on availability. The medium CVSS score reflects the moderate risk posed by this issue.

Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Until a fix is available, users should consider disabling WPS if possible or restricting network access to trusted devices to reduce exposure. No official fix or temporary mitigation is currently documented.