Description
Netis AC1200 Router NC21 V4.0.1.4296 contains a hard-coded root credential stored in /etc/shadow.sample. The password for the root account is set to the trivially weak value root, allowing an attacker with access to the device to authenticate as root and gain full control of the underlying operating system.
Published: 2026-05-27
Score: n/a
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

Netis AC1200 Router NC21 V4.0.1.4296 stores a hard‑coded root password in /etc/shadow.sample. The password is simply 'root', giving anyone who can access the device the ability to authenticate as the system superuser. This gives the attacker full control of the underlying operating system, enabling any malicious action that requires root privileges.

Affected Systems

Vendors: Netis; Product: AC1200 Router NC21; Firmware version V4.0.1.4296. The affected component is the router's authentication subsystem and the shadow sample file. No other versions are listed as affected.

Risk and Exploitability

With the trivial credential in place, an attacker who can reach the device—whether via local physical connection, compromised LAN, or remote management interface—can easily log in as root. The vulnerability is a high‑risk authentication flaw (CWE-287/CWE-798). No public exploit or proof‑of‑concept is documented, and it does not appear in CISA KEV. No EPSS score is available, and the lack of updates makes this a pressing risk for routers still running the vulnerable firmware.

Generated by OpenCVE AI on May 27, 2026 at 15:50 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the latest official firmware update from Netis that removes the hard‑coded root password or otherwise fixes the authentication issue.
  • If a firmware update is unavailable, immediately change the root password to a strong, unique value and delete or secure /etc/shadow.sample to prevent reuse of the weak credential.
  • Restrict access to the router by limiting physical access, isolating it from the corporate network, and configuring firewall rules or VLANs to restrict remote management traffic.
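
To confirm whether a given firmware image still ships a login-capable entry in /etc/shadow.sample or any sibling shadow file, the check below can be run over an unpacked root filesystem. It is an added example, not code from OpenCVE or Netis; it assumes the image has already been extracted to a directory, and it only reports entries whose password field is not locked, without testing any password.

```python
"""Audit an unpacked firmware root filesystem for unlocked entries in shadow-style files."""
import os
import sys

# shadow(5): a password field starting with '!' or '*' cannot match any password
LOCK_PREFIXES = ("!", "*")

def classify(field):
    """Classify the password field of one shadow entry."""
    if field == "":
        return "empty"   # account usable with no password at all
    if field.startswith(LOCK_PREFIXES):
        return "locked"
    return "hash"        # a real hash: the account accepts a password

def audit_shadow_file(path):
    """Return [(user, state)] for every entry that is not locked."""
    findings = []
    with open(path, "r", errors="replace") as fh:
        for line in fh:
            line = line.strip()
            if not line or line.startswith("#") or ":" not in line:
                continue
            user, field = line.split(":")[:2]
            state = classify(field)
            if state != "locked":
                findings.append((user, state))
    return findings

def audit_rootfs(root):
    """Audit every regular file named shadow* (shadow, shadow.sample, shadow-) under root."""
    report = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            if name.startswith("shadow") and os.path.isfile(full):
                hits = audit_shadow_file(full)
                if hits:
                    report[os.path.relpath(full, root)] = hits
    return report

if __name__ == "__main__":
    # Usage: python audit_shadow.py <unpacked-rootfs-dir>
    for rel, hits in sorted(audit_rootfs(sys.argv[1]).items()):
        for user, state in hits:
            print(f"{rel}: {user} -> {state}")
```

Any `root -> hash` or `root -> empty` line for a file under etc/ means the image still carries a usable root credential and the remediation above has not been applied.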

Advisories

No advisories yet.

History

Wed, 27 May 2026 16:15:00 +0000

Type | Values Removed | Values Added
Title | | Root Credential Hard-Coded in Netis AC1200 Router
Weaknesses | | CWE-287, CWE-522, CWE-798

Wed, 27 May 2026 14:15:00 +0000

Type | Values Removed | Values Added
Description | | Netis AC1200 Router NC21 V4.0.1.4296 contains a hard-coded root credential stored in /etc/shadow.sample. The password for the root account is set to the trivially weak value root, allowing an attacker with access to the device to authenticate as root and gain full control of the underlying operating system.
References | |

MITRE

Status: PUBLISHED

Assigner: mitre

Published:

Updated: 2026-05-27T13:16:19.179Z

Reserved: 2026-04-06T00:00:00.000Z

Link: CVE-2026-36538

Vulnrichment

No data.

NVD

Status: Deferred

Published: 2026-05-27T14:16:45.403

Modified: 2026-05-27T20:04:31.980

Link: CVE-2026-36538

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-05-27T16:00:08Z

Weaknesses