What is the CVSS score of CVE-2026-36539?

CVE-2026-36539 has a CVSS 3.1 base score of 7.3 (High). CVSS vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L. EPSS exploitation probability: 0.0%.

Which versions of Netis AC1200 Router are affected by CVE-2026-36539?

Netis AC1200 Router NC21 units running firmware V4.0.1.4296 expose administrator and WiFi credentials to any device on your internal network through an unauthenticated configuration access…

Netis AC1200 Router CVE-2026-36539

HIGH

Information Exposure (CWE-200)

2026-05-27 cve@mitre.org

Information Disclosure

7.3

CVSS 3.1

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

Low

Integrity

Low

Availability

Low

Lifecycle Timeline

Analysis Generated

May 28, 2026 - 14:22 vuln.today

CVSS changed

May 28, 2026 - 14:22 NVD

7.3 (HIGH)

CVE Published

May 27, 2026 - 14:16 nvd

UNKNOWN (no severity yet)

DescriptionNVD

Netis AC1200 Router NC21 V4.0.1.4296 exposes a CGI endpoint /cgi-bin/skk_get.cgi that returns the entire router configuration as a JSON response with no authentication required. Any attacker on the LAN can send a single HTTP GET request and instantly retrieve administrator credentials, WiFi passwords, PPPoE credentials, DDNS credentials, and a full map of all connected devices.

AnalysisAI

Unauthenticated configuration disclosure in the Netis AC1200 Router NC21 (firmware V4.0.1.4296) allows any LAN-connected attacker to retrieve the device's full configuration via a single HTTP GET to /cgi-bin/skk_get.cgi. The dump exposes administrator credentials, WiFi and PPPoE passwords, DDNS credentials, and a map of connected clients, enabling immediate device takeover and lateral movement. …

RemediationAI

Within 24 hours: Audit your network for Netis AC1200 Router NC21 devices with firmware V4.0.1.4296 and document all affected units. Within 7 days: Implement network segmentation to restrict LAN access to router management interfaces; change all administrator, WiFi, and PPPoE credentials on affected devices; disable remote management if enabled. …

Analysis

Detailed AI-generated intelligence summary covering attack vector, impact assessment, affected versions, remediation steps, and indicators of compromise.

POChttps://••••••••••.com/exploit

PATCHhttps://••••••••••.com/patch

ADVISORYhttps://••••••••••.com/advisory

Full analysis requires sign-in

Get intelligence summaries, risk assessment, exploit details, threat intel, and remediation guidance.

CVE-2026-36539 vulnerability details – vuln.today

Back