Mercusys AC12G
- AC12G(EU)_V1_200909
- AC12G(EU)_V1_210128
A vulnerability in the authentication mechanism of the Mercusys AC12G (EU) V1 router allows password recovery because the login nonce is static: it does not change between requests from the same source IP. This issue arises in routers running the AC12G(EU)_V1_200909 firmware. The static nonce, combined with a predictable XOR-based password encoding, enables an attacker to reverse-engineer captured authentication tokens to retrieve the plaintext password. The vulnerability also allows session token replay, as captured tokens remain valid indefinitely without expiration.
Exploitation of this vulnerability allows for the recovery of plaintext passwords from captured authentication tokens. Additionally, it enables the replay of session tokens, which remain valid indefinitely, and the offline precomputation of session tokens from a password dictionary. All devices using the same password generate identical session tokens.
No official fix is planned for this vulnerability, as the product is considered end-of-life. As a general practice, routers should be updated to the latest firmware version if one is available. For similar vulnerabilities, it is recommended to generate unique random nonces for each authentication challenge, implement session token expiry and periodic rotation, use cryptographically secure session token generation methods, and bind session tokens to client IP and timestamp.
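The recommended mitigations, put together in one login handler. This is an added example, not Mercusys firmware code or code from the advisory. `AuthServer`, `derive_key`, `make_proof`, the TTL values, and the HMAC challenge-response used in place of the XOR encoding are all assumptions chosen for illustration.

```python
import hashlib, hmac, secrets, time

NONCE_TTL = 30      # seconds a challenge stays answerable (assumed value)
SESSION_TTL = 900   # seconds before a session token expires (assumed value)

def derive_key(password, salt):
    # One-way derivation: a captured proof cannot be reversed to the password.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

def make_proof(key, nonce, client_ip):
    # The proof covers the nonce and the client IP, so it is useless elsewhere.
    msg = f"{nonce}|{client_ip}".encode()
    return hmac.new(key, msg, hashlib.sha256).hexdigest()

class AuthServer:
    """Hypothetical login handler; not the router's implementation."""
    def __init__(self, password):
        self.salt = secrets.token_bytes(16)
        self.key = derive_key(password, self.salt)
        self.nonces = {}     # nonce -> (client_ip, expiry)
        self.sessions = {}   # token -> (client_ip, expiry)

    def issue_challenge(self, client_ip, now=None):
        now = time.time() if now is None else now
        nonce = secrets.token_hex(16)   # fresh CSPRNG nonce for every challenge
        self.nonces[nonce] = (client_ip, now + NONCE_TTL)
        return nonce

    def login(self, client_ip, nonce, proof, now=None):
        now = time.time() if now is None else now
        ip, expiry = self.nonces.pop(nonce, (None, 0))   # single use
        if ip != client_ip or now > expiry:
            return None
        if not hmac.compare_digest(proof, make_proof(self.key, nonce, client_ip)):
            return None
        token = secrets.token_urlsafe(32)   # random, unrelated to the password
        self.sessions[token] = (client_ip, now + SESSION_TTL)
        return token

    def check_session(self, token, client_ip, now=None):
        now = time.time() if now is None else now
        ip, expiry = self.sessions.get(token, (None, 0))
        if now > expiry:
            self.sessions.pop(token, None)   # expired tokens are discarded
            return False
        return ip == client_ip
```

Because the session token comes from a CSPRNG rather than from the password, two devices sharing a password no longer produce identical tokens, and tokens cannot be precomputed from a dictionary.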