What is GHSA-x2w7-3ffq-rg3v?

GHSA-x2w7-3ffq-rg3v is a security advisory published by GitHub Security Advisories with High severity. Netis AC1200 Router NC21 V4.0.1.4296 is vulnerable to unauthenticated command injection via the ...

Which CVE IDs does GHSA-x2w7-3ffq-rg3v cover?

GHSA-x2w7-3ffq-rg3v covers the following CVE IDs: CVE-2026-36540. Each CVE has its own detail page on EchelonGraph Pulse with the synthesized EG score.

What is the CVSS v3 score of GHSA-x2w7-3ffq-rg3v?

GHSA-x2w7-3ffq-rg3v has a CVSS v3 base score of 7.3, published by GitHub Security Advisories.

GHSA-x2w7-3ffq-rg3vHighCVSS 7.3

Netis AC1200 Router NC21 V4.0.1.4296 is vulnerable to unauthenticated command injection via the ...

Vendor

GitHub Security Advisories

Published

May 27, 2026

Last Modified

May 28, 2026

🔗 CVE IDs covered (1)

CVE-2026-36540 →

📋 Description

Netis AC1200 Router NC21 V4.0.1.4296 is vulnerable to unauthenticated command injection via the /cgi-bin/skk_set.cgi endpoint. The password and new_pwd_confirm POST parameters are passed directly to the underlying OS shell without sanitization. An attacker can inject arbitrary shell commands by wrapping them in backticks (`) and encoding them in base64. Because the endpoint requires no authentication, any device on the LAN can achieve full Remote Code Execution on the router's operating system with a single HTTP POST request.

🔗 References (4)

https://nvd.nist.gov/vuln/detail/CVE-2026-36540
https://github.com/sir3ns/cve-disclosure/blob/main/CVE-2026-36540/readme.md
http://netis-system.com
https://github.com/advisories/GHSA-x2w7-3ffq-rg3v