Volerion logoVolerion
Volerion logoVolerion

Mercusys AC12G DNS Version Disclosure Vulnerability

Vulnerability

A vulnerability exists in the Mercusys AC12G (EU) V1 router, specifically in the DNS resolver component running Unbound version 1.22.0. The router responds to CHAOS TXT queries for 'version.bind' and 'hostname.bind', disclosing the DNS software version and internal hostname. This information can aid targeted attacks against known vulnerabilities in the DNS resolver. The issue is present in the router's default configuration and can be exploited by any device on the local network that sends DNS queries to the router.

Impact

The vulnerability exposes the exact version of the DNS resolver software (Unbound 1.22.0) and the internal hostname 'mms-unbound', which identifies the device as a Mercusys router. This information could be used for targeted attacks against known vulnerabilities in that version of Unbound.

Remediation

To address this vulnerability, configure Unbound to hide the version and identity by setting 'hide-version: yes' and 'hide-identity: yes'.

Added: Jun 3, 2026, 7:42 PM
Updated: Jun 3, 2026, 7:42 PM

Vulnerability Rating

Custom Algorithm
spread
0.0
impact
0.6
exploitability
4.9
remediation
0.0
relevance
9.9
threat
0.0
urgency
2.9
incentive
0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.