CVE-2026-36538
Deferred Deferred - Pending Action
Hard-Coded Root Credentials in Netis AC1200 Router NC21 V4.0.1.4296

Publication date: 2026-05-27

Last updated on: 2026-05-28

Assigner: MITRE

Description
Netis AC1200 Router NC21 V4.0.1.4296 contains a hard-coded root credential stored in /etc/shadow.sample. The password for the root account is set to the trivially weak value root, allowing an attacker with access to the device to authenticate as root and gain full control of the underlying operating system.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-05-27
Last Modified
2026-05-28
Generated
2026-06-16
AI Q&A
2026-05-27
EPSS Evaluated
2026-06-15
NVD
CVE-2026-36538
Affected Vendors & Products
Showing 2 associated CPEs
Vendor Product Version / Range
netis ac1200_router 4.0.1.4296
netis_systems ac1200_router 4.0.1.4296
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-798 The product contains hard-coded credentials, such as a password or cryptographic key.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Compliance Impact

The vulnerability involves a hard-coded root credential with a trivially weak password, allowing an attacker with access to the device to gain full control of the operating system.

Such unauthorized access could lead to compromise of sensitive data or disruption of services, which may result in non-compliance with common standards and regulations like GDPR and HIPAA that require protection of personal and health information.

However, the provided information does not explicitly describe the impact on compliance with these standards.

Executive Summary

CVE-2026-36538 is a critical vulnerability in the Netis AC1200 Router NC21 running firmware version V4.0.1.4296. It involves a hard-coded root credential stored in the file /etc/shadow.sample, where the root password is set to the weak and trivial value "root."

This flaw allows any local attacker who has access to the device to authenticate as the root user and gain full control over the underlying operating system.

The vulnerability can be exploited by using SSH with specific algorithms and the default password "root" to gain root access.

Impact Analysis

This vulnerability can have severe impacts because it allows an attacker with access to the device to authenticate as root, giving them full control over the router's operating system.

  • Complete compromise of the router, including configuration and network traffic control.
  • Potential for the attacker to intercept, modify, or redirect network traffic.
  • Use of the compromised router as a foothold to launch further attacks within the network.
  • Loss of confidentiality, integrity, and availability of network services.
Detection Guidance

This vulnerability can be detected by checking if the Netis AC1200 Router NC21 is running firmware version V4.0.1.4296 and if the file /etc/shadow.sample contains a root password set to the weak value "root."

A practical detection method involves attempting to SSH into the device using the username root and the password "root" with specific algorithms as demonstrated in the proof of concept.

  • Check firmware version on the device to confirm it is V4.0.1.4296.
  • Access the device filesystem and inspect the /etc/shadow.sample file for the root password entry.
  • Use an SSH command to attempt login: ssh root@<device_ip> and enter password "root" to verify if authentication succeeds.
Mitigation Strategies

As no patch has been released by the vendor, immediate mitigation steps include restricting access to the device to trusted users only and disabling remote access if possible.

Changing the root password from the default weak value "root" to a strong, unique password is critical if you have access to the device.

Monitor network access to the device closely and consider isolating the device from untrusted networks until a vendor patch or update is available.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-36538. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart