What is the CVSS score of CVE-2026-36540?

CVE-2026-36540 has a CVSS 3.1 base score of 7.3 (High). CVSS vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L. EPSS exploitation probability: 0.2%.

Which versions of Netis AC1200 Router are affected by CVE-2026-36540?

Netis AC1200 Router (model NC21, firmware V4.0.1.4296) contains an unauthenticated remote command execution vulnerability that allows any local network attacker to execute arbitrary OS commands…

Netis AC1200 Router CVE-2026-36540

HIGH

Command Injection (CWE-77)

2026-05-27 cve@mitre.org

RCE Command Injection

7.3

CVSS 3.1

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

Low

Integrity

Low

Availability

Low

Lifecycle Timeline

Analysis Generated

May 28, 2026 - 14:23 vuln.today

CVSS changed

May 28, 2026 - 14:22 NVD

7.3 (HIGH)

CVE Published

May 27, 2026 - 14:16 nvd

UNKNOWN (no severity yet)

DescriptionNVD

Netis AC1200 Router NC21 V4.0.1.4296 is vulnerable to unauthenticated command injection via the /cgi-bin/skk_set.cgi endpoint. The password and new_pwd_confirm POST parameters are passed directly to the underlying OS shell without sanitization. An attacker can inject arbitrary shell commands by wrapping them in backticks (`) and encoding them in base64. Because the endpoint requires no authentication, any device on the LAN can achieve full Remote Code Execution on the router's operating system with a single HTTP POST request.

AnalysisAI

Unauthenticated remote command injection in the Netis AC1200 Router (model NC21, firmware V4.0.1.4296) allows any LAN-resident attacker to execute arbitrary OS commands as the router's runtime user via a single HTTP POST to /cgi-bin/skk_set.cgi. The password and new_pwd_confirm parameters are concatenated into a shell invocation without sanitization, and exploitation requires no credentials. …

RemediationAI

Within 24 hours: Inventory all Netis AC1200 NC21 routers and document network role and criticality. Within 7 days: Implement network segmentation to restrict LAN administrative access; deploy monitoring rules to alert on HTTP POST requests to /cgi-bin/skk_set.cgi containing suspicious patterns (base64-encoded backticks). …

Analysis

Detailed AI-generated intelligence summary covering attack vector, impact assessment, affected versions, remediation steps, and indicators of compromise.

POChttps://••••••••••.com/exploit

PATCHhttps://••••••••••.com/patch

ADVISORYhttps://••••••••••.com/advisory

Full analysis requires sign-in

Get intelligence summaries, risk assessment, exploit details, threat intel, and remediation guidance.

CVE-2026-36540 vulnerability details – vuln.today

Back