CVE-2026-36538

UNKNOWN NVD

CVSS Score 0

Severity UNKNOWN

Published May 27, 2026

Vendor unknown

Description

Netis AC1200 Router NC21 V4.0.1.4296 contains a hard-coded root credential stored in /etc/shadow.sample. The password for the root account is set to the trivially weak value root, allowing an attacker with access to the device to authenticate as root and gain full control of the underlying operating system.

References

http://netis-system.com
https://github.com/sir3ns/cve-disclosure/blob/main/CVE-2026-36538/readme.md