CVE-2026-36741

HighRCE

Published: 13 May 2026

Published

13 May 2026

Modified

14 May 2026

KEV Added

—

Patch

—

CVSS Score 7.2 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

EPSS Score 0.0017 38.3th percentile

Risk Priority 15 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2026-36741 is a high-severity Command Injection (CWE-77) vulnerability. Its CVSS base score is 7.2 (High).

Operationally, ranked at the 38.3th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.

NVD Description

U-SPEED AC1200 Gigabit Wi-Fi Router (Model: T18-21K) V1.0 is vulnerable to Command Injection. The Network Time Protocol (NTP) configuration interface does not properly sanitize user-supplied input. An authenticated user with permission to configure NTP settings can inject arbitrary system commands…

through crafted input fields. These commands are executed with elevated privileges, leading to potential full system compromise.

Deeper analysisAI

Automated synthesis unavailable for this CVE.

Details

CWE(s): CWE-77

References

https://github.com/N0tMilk/vulnerability-research
cve@mitre.org
https://github.com/N0tMilk/vulnerability-research/tree/main/IoT/CVE-2026-36741
cve@mitre.org
https://github.com/N0tMilk/vulnerability-research/tree/main/IoT/CVE-2026-36741
134c704f-9b21-4f2e-91b3-4a467353bcc0