Description
Netis AC1200 Router NC21 V4.0.1.4296 exposes a CGI endpoint /cgi-bin/skk_get.cgi that returns the entire router configuration as a JSON response with no authentication required. Any attacker on the LAN can send a single HTTP GET request and instantly retrieve administrator credentials, WiFi passwords, PPPoE credentials, DDNS credentials, and a full map of all connected devices.
Published: 2026-05-27
Score: n/a
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The /cgi-bin/skk_get.cgi endpoint can be invoked from the local network without any authentication and returns a JSON payload containing the router's full configuration: administrator credentials, WiFi keys, PPPoE and DDNS credentials, and a map of connected devices. This is an Information Disclosure flaw; no CWE was attached to the record when this analysis was generated, and the page history now records CWE-200 (Exposure of Sensitive Information to an Unauthorized Actor). Anyone who retrieves the dump holds the administrator password, and with it control of the router's web interface, plus the WiFi and WAN credentials and the device inventory needed to move further into the network.

Affected Systems

Netis AC1200 Router NC21, firmware 4.0.1.4296

Risk and Exploitability

The attack vector is adjacent-network access: any host on the LAN, wired or wireless, can trigger the disclosure with a single unauthenticated HTTP GET, so exploitation is trivial for anyone with LAN presence. The record describes LAN exposure only and does not state whether the endpoint is also reachable on the WAN interface. No CVSS or EPSS score has been assigned and the vulnerability is not listed in the CISA KEV catalog, so the likelihood of exploitation cannot be quantified from the record, but unauthenticated exposure of administrative credentials and network topology should be treated as high risk.

Generated by OpenCVE AI on May 27, 2026 at 16:53 UTC.
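As an added example (not code from the CVE record, OpenCVE or Netis), the following Python script performs the single unauthenticated GET described above against a router under test and reports only whether the endpoint answers with a JSON object, together with its top-level key names, so that an operator can confirm exposure without copying credentials into a terminal or log. The default address 192.168.1.1, the User-Agent string and the sample dump used for the offline self-check are assumptions; the record does not document the real JSON layout, so the code does not depend on any field names.

```python
"""Added example: an unauthenticated probe of /cgi-bin/skk_get.cgi.
Not from the CVE record, OpenCVE or the vendor; the default address and the
constructed sample dump below are assumptions."""
import json
import sys
import urllib.error
import urllib.request

ENDPOINT = "/cgi-bin/skk_get.cgi"  # path named in the CVE description

# Constructed sample, NOT the real NC21 response format (which the record
# does not document). Used only to exercise the classifier offline.
SAMPLE_DUMP = json.dumps({
    "admin": {"username": "admin", "password": "example-only"},
    "wifi": {"ssid": "TestNet", "psk": "example-only"},
})


def classify_response(status, body):
    """Classify what an unauthenticated GET told us.

    "exposed"   : 2xx and the body parses as a JSON object, the behaviour
                  the CVE describes
    "protected" : 401/403 or a redirect, i.e. the server demanded a login
    "unknown"   : anything else (HTML login page, non-JSON 200, 404, ...)
    """
    if status in (401, 403) or 300 <= status < 400:
        return "protected"
    if 200 <= status < 300:
        try:
            data = json.loads(body)
        except (TypeError, ValueError):
            return "unknown"
        if isinstance(data, dict):
            return "exposed"
    return "unknown"


def redacted_summary(body):
    """Top-level key names only: enough to confirm a configuration dump,
    never the credential values themselves."""
    data = json.loads(body)
    return sorted(data.keys()) if isinstance(data, dict) else []


class _NoRedirect(urllib.request.HTTPRedirectHandler):
    """Refuse to follow redirects so a bounce to a login page surfaces as
    an HTTPError carrying its 3xx code instead of a 200 for the login form."""
    def redirect_request(self, req, fp, code, msg, headers, newurl):
        return None


def probe(host, timeout=5):
    """Send one unauthenticated GET and return (verdict, status, keys)."""
    opener = urllib.request.build_opener(_NoRedirect)
    req = urllib.request.Request("http://%s%s" % (host, ENDPOINT),
                                 headers={"User-Agent": "skk_get-check"})
    try:
        with opener.open(req, timeout=timeout) as resp:
            status, body = resp.status, resp.read().decode("utf-8", "replace")
    except urllib.error.HTTPError as err:
        status, body = err.code, err.read().decode("utf-8", "replace")
    verdict = classify_response(status, body)
    keys = redacted_summary(body) if verdict == "exposed" else []
    return verdict, status, keys


if __name__ == "__main__":
    target = sys.argv[1] if len(sys.argv) > 1 else "192.168.1.1"  # assumed default
    verdict, status, keys = probe(target)
    print("%s%s: HTTP %s -> %s" % (target, ENDPOINT, status, verdict))
    if keys:
        print("top-level keys (values withheld):", ", ".join(keys))
```

Run it from a host on the router's LAN (`python3 skk_get_check.py 192.168.1.1`); a verdict of "exposed" reproduces the CVE, while "protected" after a firmware update indicates the endpoint now demands a login. Redirects are deliberately not followed, because an embedded web server that bounces unauthenticated requests to its login page would otherwise look like a successful 200.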

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Segregate the router's management interface from untrusted clients: place untrusted or guest devices on a separate VLAN or network segment (a guest network, where the router offers one) so that only trusted hosts can reach the router's web server.
  • Upgrade the router firmware to a version that removes /cgi-bin/skk_get.cgi or requires authentication for it, once the vendor publishes one; the record lists no fix at present.
  • If an upgrade is unavailable, block access to /cgi-bin/skk_get.cgi with whatever firewall or ACL controls are available, then change all router, WiFi, PPPoE and DDNS passwords. Change them only after the endpoint is unreachable by untrusted hosts: until then, the new credentials can be retrieved the same way.

Generated by OpenCVE AI on May 27, 2026 at 16:53 UTC.

Advisories

No advisories yet.

History

Wed, 27 May 2026 17:15:00 +0000

Type: Title
Values removed: (none)
Values added: Unauthorized Retrieval of Router Configuration via Unprotected CGI Endpoint

Type: Weaknesses
Values removed: (none)
Values added: CWE-200

Wed, 27 May 2026 14:15:00 +0000

Type: Description
Values removed: (none)
Values added: Netis AC1200 Router NC21 V4.0.1.4296 exposes a CGI endpoint /cgi-bin/skk_get.cgi that returns the entire router configuration as a JSON response with no authentication required. Any attacker on the LAN can send a single HTTP GET request and instantly retrieve administrator credentials, WiFi passwords, PPPoE credentials, DDNS credentials, and a full map of all connected devices.

Type: References
Values removed: (none)
Values added:


MITRE

Status: PUBLISHED

Assigner: mitre

Published:

Updated: 2026-05-27T13:15:22.495Z

Reserved: 2026-04-06T00:00:00.000Z

Link: CVE-2026-36539

Vulnrichment

No data.

NVD

Status: Received

Published: 2026-05-27T14:16:45.527

Modified: 2026-05-27T14:16:45.527

Link: CVE-2026-36539

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-05-27T17:00:17Z

Weaknesses