5 matches found
CVE-2026-36540
Netis AC1200 Router NC21 V4.0.1.4296 is vulnerable to unauthenticated command injection via the /cgi-bin/skkset.cgi endpoint. The password and newpwdconfirm POST parameters are passed directly to the underlying OS shell without sanitization. An attacker can inject arbitrary shell commands by...
CVE-2026-36539
Netis AC1200 Router NC21 V4.0.1.4296 exposes a CGI endpoint /cgi-bin/skkget.cgi that returns the entire router configuration as a JSON response with no authentication required. Any attacker on the LAN can send a single HTTP GET request and instantly retrieve administrator credentials, WiFi...
Netis AC1200 安全漏洞
The Netis AC1200 is a series of dual-band wireless broadband routers produced by the Chinese company Netis. The Netis AC1200 Router NC21 V4.0.1.4296 version contains a security vulnerability. This vulnerability stems from the hardcoded root credentials stored in the /etc/shadow.sample file. The...
Netis AC1200 安全漏洞
The Netis AC1200 is a series of dual-band wireless broadband routers produced by the Chinese company Netis. The Netis AC1200 V4.0.1.4296 version contains a security vulnerability. This vulnerability stems from the CGI endpoint/cgi-bin/skkget.cgi function, which can return the entire router...
Netis AC1200 安全漏洞
The Netis AC1200 is a series of dual-band wireless broadband routers produced by the Chinese company Netis. The Netis AC1200 V4.0.1.4296 version contains a security vulnerability. This vulnerability stems from the POST parameters “password” and “newpwdconfirm” being passed directly to the...