CVE-2026-36608

Mercusys · AC12G (EU) V1 Router

The Mercusys AC12G router allows UPnP AddPortMapping to forward external traffic to the router's own administrative interface, exposing it to unauthorized access.

Executive summary

A critical vulnerability in the Mercusys AC12G router’s UPnP implementation allows attackers to expose the device's internal administrative interface to the internet, creating a significant risk of unauthorized access.

Vulnerability

The router's UPnP service does not properly validate AddPortMapping requests, so a request can map an external port to the router's own internal administrative interface. This effectively bypasses network segmentation by making the admin panel accessible from outside the local network.

Business impact

With a CVSS score of 8.8, this flaw is highly critical as it directly exposes administrative controls to external actors. Successful exploitation allows for unauthorized management of the router, potentially resulting in full device control, credential theft, or the interception of sensitive network traffic.

Remediation

Immediate Action: Disable the UPnP feature on the router if it is not strictly required for network operations.

Proactive Monitoring: Audit current port forwarding rules and UPnP mappings to ensure no unintended services or administrative interfaces are exposed to the WAN.

Compensating Controls: Implement a firewall rule to block all inbound traffic to the router's administrative port from external sources, regardless of UPnP settings.
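One way to carry out the mapping audit described under Proactive Monitoring, as an added example that is not vendor or advisory code: it parses the responses a UPnP IGD returns for GetGenericPortMappingEntry and reports enabled mappings whose internal client is the router itself. The router address 192.168.1.1, the admin ports 80 and 443, and the sample responses are assumptions constructed for the demo; substitute the values of the device being audited.

```python
import ipaddress
import xml.etree.ElementTree as ET

FIELDS = {"NewExternalPort", "NewProtocol", "NewInternalPort", "NewInternalClient", "NewEnabled"}

def parse_entry(soap_xml):
    """Pull the mapping fields out of one GetGenericPortMappingEntryResponse."""
    pairs = ((el.tag.rsplit("}", 1)[-1], (el.text or "").strip())  # strip XML namespace
             for el in ET.fromstring(soap_xml).iter())
    return {name: text for name, text in pairs if name in FIELDS}

def audit_mappings(responses, router_ips, admin_ports):
    """Return enabled mappings whose internal client is the router itself."""
    own = {ipaddress.ip_address(ip) for ip in router_ips}
    findings = []
    for doc in responses:
        e = parse_entry(doc)
        if e.get("NewEnabled") != "1":
            continue                                  # disabled entries forward nothing
        try:
            client = ipaddress.ip_address(e["NewInternalClient"])
            ext, internal = int(e["NewExternalPort"]), int(e["NewInternalPort"])
        except (KeyError, ValueError):
            findings.append(("review-manually", e))   # incomplete or malformed entry
            continue
        if client in own or client.is_loopback:
            kind = "admin-interface" if internal in admin_ports else "router-service"
            findings.append((kind, f"{e.get('NewProtocol', '?')} WAN:{ext} -> {client}:{internal}"))
    return findings

def sample(ext, proto, internal, client, enabled="1"):
    """Constructed SOAP response for the demo; not captured from a device."""
    return (
        '<s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/"><s:Body>'
        '<u:GetGenericPortMappingEntryResponse xmlns:u="urn:schemas-upnp-org:service:WANIPConnection:1">'
        f"<NewRemoteHost></NewRemoteHost><NewExternalPort>{ext}</NewExternalPort>"
        f"<NewProtocol>{proto}</NewProtocol><NewInternalPort>{internal}</NewInternalPort>"
        f"<NewInternalClient>{client}</NewInternalClient><NewEnabled>{enabled}</NewEnabled>"
        "</u:GetGenericPortMappingEntryResponse></s:Body></s:Envelope>")

SAMPLES = [
    sample(8080, "TCP", 80, "192.168.1.1"),         # router's own admin port (assumed)
    sample(51413, "TCP", 51413, "192.168.1.50"),    # ordinary LAN host, not flagged
    sample(8443, "TCP", 443, "192.168.1.1", "0"),   # disabled entry, not flagged
    sample(5353, "UDP", 53, "192.168.1.1"),         # router service, not the admin port
]

if __name__ == "__main__":
    print(*audit_mappings(SAMPLES, ["192.168.1.1"], {80, 443}), sep="\n")
```

Any "admin-interface" or "router-service" finding should be deleted from the mapping table and treated as a reason to check whether the management interface was reachable from the WAN.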

Exploitation status

Public Exploit Available: false

Analyst recommendation

Exposing administrative interfaces to the internet is a severe security failure. Organizations should disable UPnP functionality immediately and verify that no management interfaces are accessible from external networks to mitigate the risk of unauthorized exploitation.