CVE-2026-36540
Published: 27 May 2026
Summary
CVE-2026-36540 is a high-severity Command Injection (CWE-77) vulnerability in Netis System (inferred from references). Its CVSS base score is 7.3 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked at the 43.8th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.
Threat & Defense at a Glance
Threat & Defense Details
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
Unauthenticated command injection in web CGI endpoint directly enables remote OS command execution (T1190) via Unix shell (T1059.004).
NVD Description
Netis AC1200 Router NC21 V4.0.1.4296 is vulnerable to unauthenticated command injection via the /cgi-bin/skk_set.cgi endpoint. The password and new_pwd_confirm POST parameters are passed directly to the underlying OS shell without sanitization. An attacker can inject arbitrary shell commands by wrapping…
more
them in backticks (`) and encoding them in base64. Because the endpoint requires no authentication, any device on the LAN can achieve full Remote Code Execution on the router's operating system with a single HTTP POST request.
Deeper analysisAI
Automated synthesis unavailable for this CVE.
Details
- CWE(s)
- OWASP Top 10 Web 2025