CVE-2026-36741 - Vulnerability Details

- Command Injection in NTP Configuration of U‑SPEED AC1200 Gigabit Wi‑Fi Router

Description

U-SPEED AC1200 Gigabit Wi-Fi Router (Model: T18-21K) V1.0 is vulnerable to Command Injection. The Network Time Protocol (NTP) configuration interface does not properly sanitize user-supplied input. An authenticated user with permission to configure NTP settings can inject arbitrary system commands through crafted input fields. These commands are executed with elevated privileges, leading to potential full system compromise.

Published: 2026-05-13

Score: 7.2 High

EPSS: < 1% Very Low

KEV: No

Impact:

Action:

Analysis

Impact

The vulnerability lies in the NTP configuration interface of the U‑SPEED AC1200 router. Input fields used to set NTP parameters are not properly sanitized, permitting an authenticated user with configuration privileges to inject arbitrary commands. This is a CWE‑77 Command Injection vulnerability. These injected commands are executed with elevated privileges, enabling full system compromise. The impacted characteristic is the potential to run any command on the device, leading to loss of confidentiality, integrity, and availability of the router and any connected devices.

Affected Systems

Affected systems include the U‑SPEED AC1200 Gigabit Wi‑Fi Router, Model T18‑21K, firmware V1.0. The information from the CVE lists only the vendor and model, with no specific version range beyond the identified firmware.

Risk and Exploitability

Risk assessment indicates that the flaw supports high‑impact exploitation. The CVSS score of 7.2, combined with an EPSS score of 0.00173 (less than 1 %), suggests moderate to high risk. Although the vulnerability is not listed in the CISA KEV catalog, the nature of the command injection (CWE‑77) and its privileged execution indicate a severe threat. The likely attack vector is a locally authenticated user or a remote entity that can gain authenticated access to the NTP configuration endpoint, as the description requires such permissions to inject commands.

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor Product Default status Versions

n/a

affected

Version	Status	Constraints
`n/a`	affected	—

No data.

Vendor Product Confidence Versions

U-speed

Ac1200 Gigabit Wifi Router

100%

Version	Status	Scheme	Platform
`1.0`	affected	generic	—

Found an issue or want to improve our Enrichment? You can suggest it directly by opening an issue on our dedicated GitHub repository .

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

Upgrade the router firmware to a patched version released by the manufacturer if available
Restrict NTP configuration access to a minimal set of trusted users and enforce strong authentication
Disable the NTP configuration interface entirely if it is not required for operation
Consider isolating the router from critical segments of the network to limit the blast radius of any compromise

Generated by OpenCVE AI on May 14, 2026 at 16:29 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required High

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.0028.

Exploitation poc

Automatable no

Technical Impact total

References

Link	Providers
https://github.com/N0tMilk/vulnerability-research
https://github.com/N0tMilk/vulnerability-research/tree/main/IoT/CVE-2026-36741

History

Sun, 17 May 2026 20:30:00 +0000

Type	Values Removed	Values Added
First Time appeared		U-speed U-speed ac1200 Gigabit Wifi Router
Vendors & Products		U-speed U-speed ac1200 Gigabit Wifi Router

Thu, 14 May 2026 16:45:00 +0000

Type	Values Removed	Values Added
Title		Command Injection in NTP Configuration of U‑SPEED AC1200 Gigabit Wi‑Fi Router

Thu, 14 May 2026 13:15:00 +0000

Type	Values Removed	Values Added
Weaknesses		CWE-77
Metrics		cvssV3_1 `{'score': 7.2, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H'}` ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'total'}, 'version': '2.0.3'}`

Wed, 13 May 2026 16:15:00 +0000

Type	Values Removed	Values Added
Description		U-SPEED AC1200 Gigabit Wi-Fi Router (Model: T18-21K) V1.0 is vulnerable to Command Injection. The Network Time Protocol (NTP) configuration interface does not properly sanitize user-supplied input. An authenticated user with permission to configure NTP settings can inject arbitrary system commands through crafted input fields. These commands are executed with elevated privileges, leading to potential full system compromise.
References		https://github.com/N0tMilk/vulnerability-research https://github.com/N0tMilk/vulnerability-research/tree/main/IoT/CVE-2026-36741

Subscriptions

U-speed Ac1200 Gigabit Wifi Router

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2026-05-13T00:00:00.000Z

Updated: 2026-05-14T12:38:32.916Z

Reserved: 2026-04-06T00:00:00.000Z

Link: CVE-2026-36741

Vulnrichment

Updated: 2026-05-14T12:36:46.997Z

NVD

Status : Awaiting Analysis

Published: 2026-05-13T16:16:40.840

Modified: 2026-05-14T13:16:17.373

Link: CVE-2026-36741

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-05-17T19:42:08Z

Weaknesses

CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')

Impact

Affected Systems

Risk and Exploitability

Tracking

Attack Vector Network

Attack Complexity Low

Privileges Required High

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Exploitation poc

Automatable no

Technical Impact total

Subscriptions

JSON object

JSON object

JSON object

JSON object

JSON object