CVE-2026-36741
CVE-2026-36741
Vexday Risk Score
21Low
SSVC decision (CISA)
Track
No exploitation signal → monitor
CVSS 7.2EPSS 2.1%KEV nãoPoC —Nuclei —Metasploit —Patch —
Lifecycle
13 May 2026Published on NVD
Recommendation: Monitor — no exploitation signal at the moment.
U-SPEED AC1200 Gigabit Wi-Fi Router (Model: T18-21K) V1.0 is vulnerable to Command Injection. The Network Time Protocol (NTP) configuration interface does not properly sanitize user-supplied input. An authenticated user with permission to configure NTP settings can inject arbitrary system commands through crafted input fields. These commands are executed with elevated privileges, leading to potential full system compromise.
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Affected products
n/a · n/aWant to know if your infrastructure is exposed to this?
Talk to TrueHacking →