ByteOS Network

NVD Vulnerability Details :

CVE-2026-36741

Awaiting Analysis

Source-cve@mitre.org

Published At-13 May, 2026 | 16:16

Updated At-14 May, 2026 | 13:16

U-SPEED AC1200 Gigabit Wi-Fi Router (Model: T18-21K) V1.0 is vulnerable to Command Injection. The Network Time Protocol (NTP) configuration interface does not properly sanitize user-supplied input. An authenticated user with permission to configure NTP settings can inject arbitrary system commands through crafted input fields. These commands are executed with elevated privileges, leading to potential full system compromise.

Date Added	Due Date	Vulnerability Name	Required Action
	N/A

Metrics

Type	Version	Base score	Base severity	Vector
Secondary	3.1	7.2	HIGH	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Type: Secondary

Version: 3.1

Base score: 7.2

Base severity: HIGH

Vector:

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Weaknesses

CWE ID	Type	Source
CWE-77	Secondary	134c704f-9b21-4f2e-91b3-4a467353bcc0

CWE ID: CWE-77

Type: Secondary

Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0

References

Hyperlink	Source	Resource
https://github.com/N0tMilk/vulnerability-research	cve@mitre.org	N/A
https://github.com/N0tMilk/vulnerability-research/tree/main/IoT/CVE-2026-36741	cve@mitre.org	N/A
https://github.com/N0tMilk/vulnerability-research/tree/main/IoT/CVE-2026-36741	134c704f-9b21-4f2e-91b3-4a467353bcc0	N/A