Description
Netis AC1200 Router NC21 V4.0.1.4296 contains a hard-coded root credential stored in /etc/shadow.sample. The password for the root account is set to the trivially weak value root, allowing an attacker with access to the device to authenticate as root and gain full control of the underlying operating system.
Published: 2026-05-27
Score: 7.3 High
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

Netis AC1200 Router NC21 V4.0.1.4296 stores a hard‑coded root password in /etc/shadow.sample. The password is simply 'root', giving anyone who can access the device the ability to authenticate as the system superuser. This gives the attacker full control of the underlying operating system, enabling any malicious action that requires root privileges.

Affected Systems

Vendors: Netis; Product: AC1200 Router NC21; Firmware version V4.0.1.4296. The affected component is the router's authentication subsystem and the shadow sample file. No other versions are listed as affected.

Risk and Exploitability

With the trivial credential in place, an attacker who can reach the device—whether via local physical connection, compromised LAN, or remote management interface—can easily log in as root. The vulnerability has a CVSS score of 7.3, indicating high severity, and is an authentication flaw (CWE-798). No public exploit or proof‑of‑concept is documented, and it does not appear in CISA KEV. The EPSS score is < 1%, and the lack of updates makes this a pressing risk for routers still running the vulnerable firmware.

Generated by OpenCVE AI on May 28, 2026 at 17:20 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the latest official firmware update from Netis that removes the hard‑coded root password or otherwise fixes the authentication issue.
  • If a firmware update is unavailable, immediately change the root password to a strong, unique value and delete or secure /etc/shadow.sample to prevent reuse of the weak credential.
  • Restrict access to the router by limiting physical access, isolating it from the corporate network, and configuring firewall rules or VLANs to restrict remote management traffic.

Generated by OpenCVE AI on May 28, 2026 at 17:20 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Sat, 30 May 2026 23:00:00 +0000

Type Values Removed Values Added
First Time appeared Netis
Netis ac1200 Router
Vendors & Products Netis
Netis ac1200 Router

Thu, 28 May 2026 17:45:00 +0000

Type Values Removed Values Added
Title Hard-coded root credential in Netis AC1200 Router firmware

Thu, 28 May 2026 16:30:00 +0000

Type Values Removed Values Added
Title Root Credential Hard-Coded in Netis AC1200 Router
Weaknesses CWE-287
CWE-522

Thu, 28 May 2026 14:15:00 +0000

Type Values Removed Values Added
Metrics cvssV3_1

{'score': 7.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L'}

ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Wed, 27 May 2026 16:15:00 +0000

Type Values Removed Values Added
Title Root Credential Hard-Coded in Netis AC1200 Router
Weaknesses CWE-287
CWE-522
CWE-798

Wed, 27 May 2026 14:15:00 +0000

Type Values Removed Values Added
Description Netis AC1200 Router NC21 V4.0.1.4296 contains a hard-coded root credential stored in /etc/shadow.sample. The password for the root account is set to the trivially weak value root, allowing an attacker with access to the device to authenticate as root and gain full control of the underlying operating system.
References

Subscriptions

Netis Ac1200 Router
cve-icon MITRE

Status: PUBLISHED

Assigner: mitre

Published:

Updated: 2026-05-28T13:34:14.718Z

Reserved: 2026-04-06T00:00:00.000Z

Link: CVE-2026-36538

cve-icon Vulnrichment

Updated: 2026-05-28T13:34:11.153Z

cve-icon NVD

Status : Deferred

Published: 2026-05-27T14:16:45.403

Modified: 2026-05-28T14:16:18.853

Link: CVE-2026-36538

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-05-30T21:22:40Z

Weaknesses
  • CWE-798

    Use of Hard-coded Credentials