Skip to main content

U-SPEED AC1200 EUVDEUVD-2026-30044

| CVE-2026-36741 HIGH
Command Injection (CWE-77)
2026-05-13 cve@mitre.org GHSA-pvcc-fj7g-vm23
7.2
CVSS 3.1 · Vendor: mitre
Share

Severity by source

Vendor (mitre) PRIMARY
7.2 HIGH
AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Primary rating from Vendor (mitre) · only source for this CVE.

CVSS VectorVendor: mitre

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Attack Vector
Network
Attack Complexity
Low
Privileges Required
High
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

4
Analysis Generated
May 14, 2026 - 13:22 vuln.today
CVSS changed
May 14, 2026 - 13:22 NVD
7.2 (HIGH)
CVE Published
May 13, 2026 - 16:16 nvd
UNKNOWN (no severity yet)
CVE Published
May 13, 2026 - 16:16 nvd
HIGH 7.2

DescriptionCVE.org

U-SPEED AC1200 Gigabit Wi-Fi Router (Model: T18-21K) V1.0 is vulnerable to Command Injection. The Network Time Protocol (NTP) configuration interface does not properly sanitize user-supplied input. An authenticated user with permission to configure NTP settings can inject arbitrary system commands through crafted input fields. These commands are executed with elevated privileges, leading to potential full system compromise.

AnalysisAI

Command injection in U-SPEED AC1200 Gigabit Wi-Fi Router (Model T18-21K) V1.0 allows authenticated administrators to execute arbitrary system commands with elevated privileges through the Network Time Protocol (NTP) configuration interface. The vulnerability stems from insufficient input sanitization in NTP settings fields, enabling full system compromise. CVSS score of 7.2 reflects high impact across confidentiality, integrity, and availability. Public proof-of-concept code exists via GitHub repository (N0tMilk/vulnerability-research), though no active exploitation has been confirmed via CISA KEV at time of analysis. EPSS data not available for risk probability assessment.

Technical ContextAI

This vulnerability affects the U-SPEED AC1200 Gigabit Wi-Fi Router Model T18-21K firmware version 1.0, specifically in the web-based administration interface's NTP configuration module. The flaw is classified as CWE-77 (Improper Neutralization of Special Elements used in a Command), commonly known as command injection. The NTP settings interface fails to sanitize or validate user-supplied input before passing it to system command execution functions. When administrators configure time server addresses or related NTP parameters, the router's firmware directly incorporates this input into shell commands without proper escaping or parameterization. The commands execute in the context of the router's operating system with root or administrative privileges, typical of embedded Linux-based router firmware. This enables injection of shell metacharacters, command separators (such as semicolons, pipes, or backticks), and arbitrary command sequences that the underlying OS interprets and executes.

RemediationAI

No vendor-released patch or firmware update has been identified through available references at time of analysis. Without official vendor remediation, organizations should implement compensating controls with the following trade-offs: (1) Disable remote administrative access to the router's web interface entirely, restricting management to local LAN connections only - this prevents network-based exploitation but complicates remote device administration; (2) Implement strict firewall rules blocking external access to the router's management ports (typically TCP 80/443/8080) while allowing only specific trusted IP addresses on the internal network - reduces attack surface but requires maintained allowlists; (3) Change default administrative credentials immediately to complex passwords (minimum 16 characters, alphanumeric with symbols) and enable multi-factor authentication if available - increases attacker effort but does not eliminate the underlying vulnerability; (4) Monitor router system logs for suspicious NTP configuration changes or failed authentication attempts - provides detection capability but no prevention. Organizations with high-security requirements should consider replacing affected devices with alternative router models from vendors demonstrating active security patch support. Consult the proof-of-concept repository (https://github.com/N0tMilk/vulnerability-research/tree/main/IoT/CVE-2026-36741) for technical details that may inform additional detection rules. Check NVD listing (https://nvd.nist.gov/vuln/detail/CVE-2026-36741) periodically for vendor advisory updates.

Share

EUVD-2026-30044 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy