2 matches found
CVE-2026-36540
Netis AC1200 Router NC21 V4.0.1.4296 is vulnerable to unauthenticated command injection via the /cgi-bin/skkset.cgi endpoint. The password and newpwdconfirm POST parameters are passed directly to the underlying OS shell without sanitization. An attacker can inject arbitrary shell commands by...
CVE-2026-36538
Netis AC1200 Router NC21 (firmware v4.0.1.4296) is affected by a hard-coded root credential stored in /etc/shadow.sample, with the root password set to root. This enables an attacker with device access to authenticate as root and take full control of the OS. The connected Red Hat/NVD entries corr...