These pages are published after PatchSiren validates generated defensive summaries against stored public CVE and source evidence.
A critical unauthenticated command injection vulnerability affects Netis AC1200 Router firmware version NC21 V4.0.1.4296. The /cgi-bin/skk_set.cgi endpoint passes the password and new_pwd_confirm POST parameters directly to the underlying OS shell without sanitization, enabling arbitrary command execution via backtick-wrapped, base64-encoded payloads. The endpoint requires no authentication, allowing any [truncated]
A critical authentication bypass vulnerability in the Netis AC1200 Router (NC21) allows unauthenticated LAN attackers to retrieve the complete device configuration, including administrative credentials, WiFi passwords, PPPoE credentials, DDNS credentials, and a full enumeration of connected devices. The vulnerability resides in the `/cgi-bin/skk_get.cgi` endpoint, which returns the entire router configura [truncated]
CVE-2019-19356 is a Netis WF2419 device remote code execution vulnerability that CISA has listed in its Known Exploited Vulnerabilities catalog. Because it is on the KEV list, defenders should treat it as an active risk and prioritize remediation using the vendor’s update guidance.