Cyber Resilience

CVE-2020-37092

Critical · Public PoC

Published: 03 February 2026
Modified: 15 April 2026
KEV Added: not listed
CVSS v4.0 base score: 9.3 (Critical)
Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N (threat and environmental metrics not defined)
EPSS score: 0.0028 (19.2nd percentile)
Risk priority: 70 (floored blend · peak EPSS)

Summary

CVE-2020-37092 is a critical-severity Use of Hard-coded Credentials (CWE-798) vulnerability in a Netis Systems device (vendor inferred from the references; NVD filed no CPE for this CVE). Its CVSS v4.0 base score is 9.3 (Critical).

Operationally, exploitation maps to the MITRE ATT&CK technique Default Accounts (T1078.001). EPSS ranks the CVE at the 19.2nd percentile by exploit likelihood (below the median), it is not currently listed in the CISA KEV catalog, and a public proof-of-concept is referenced. Treat the low EPSS figure with care: an unauthenticated root login with a public exploit on a consumer router is the kind of flaw that is swept up by opportunistic scanning rather than tracked as a campaign, so the percentile should not on its own lower the remediation priority.

The strongest mitigations our analysis identified are NIST 800-53 AC-2 (Account Management) and IA-5 (Authenticator Management).

Deeper analysis

CVE-2020-37092 is a hard-coded root account vulnerability (CWE-798) in the Netis E1+ network device, specifically firmware version 1.2.32533. The firmware ships with a root account whose password is fixed at build time, so the same credential is present on every unit running that image and anyone who knows or recovers it can log in as root. Under CVSS v3.1 the flaw carries a base score of 7.5 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N): network-reachable, low attack complexity, no privileges or user interaction required. Note that this v3.1 vector records only a confidentiality impact, whereas the v4.0 vector above scores confidentiality, integrity and availability all High; a root login grants all three, so the v4.0 reading is the one to plan around.

A remote attacker with no legitimate credentials (CVSS PR:N) exploits the flaw simply by logging in to the device's network-exposed management service with the embedded root account. Because the stored password is crackable, the credential can be recovered offline from a copy of the firmware by anyone, not only by whoever built it in. Successful exploitation grants full administrative access to the affected device, allowing the attacker to control device functions, extract sensitive configuration data, or pivot to other resources on the networks the device connects.
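The defining check for a CWE-798 finding like this one is static: unpack the firmware image and look for accounts that can authenticate with a password baked into the filesystem. The script below is an added example, not code from this advisory, from Exploit-DB or from Netis. It assumes the image has already been extracted (for instance with binwalk) into a directory holding BusyBox-style etc/passwd and, optionally, etc/shadow; the sample file contents embedded in it are constructed for illustration and are not the real Netis E1+ files. It flags a second uid-0 account (the classic "backdoor root"), accounts with no password, and accounts whose hash format (traditional DES crypt or md5-crypt) is cheap to crack offline.

```python
"""Audit an unpacked firmware root filesystem for hard-coded accounts (CWE-798).

Added example; not code from the advisory or from Netis. It assumes the firmware
has already been extracted (e.g. with binwalk) into a directory holding the usual
BusyBox-style etc/passwd and, optionally, etc/shadow. The sample file contents
below are constructed for illustration and are not the real Netis E1+ files.
"""
import re
import sys
from dataclasses import dataclass

# Traditional DES crypt: 13 characters from the crypt alphabet, no prefix.
DES_CRYPT_RE = re.compile(r"^[./0-9A-Za-z]{13}$")

# Modular-crypt prefix -> (algorithm, crackable offline with commodity hardware).
HASH_PREFIXES = (
    ("$1$", "md5-crypt", True),
    ("$2a$", "bcrypt", False),
    ("$2b$", "bcrypt", False),
    ("$2y$", "bcrypt", False),
    ("$5$", "sha256-crypt", False),
    ("$6$", "sha512-crypt", False),
    ("$y$", "yescrypt", False),
)


@dataclass(frozen=True)
class Finding:
    user: str
    issue: str    # extra-uid0 | empty-password | crackable-hash | fixed-credential
    detail: str


def classify_hash(field: str):
    """Return (algorithm, crackable) for a passwd/shadow password field."""
    if field == "":
        return "empty", True                 # login with no password at all
    if field.startswith(("*", "!")):
        return "locked", False               # account cannot authenticate by password
    for prefix, name, weak in HASH_PREFIXES:
        if field.startswith(prefix):
            return name, weak
    if DES_CRYPT_RE.match(field):
        return "des-crypt", True
    return "unknown", True                   # unrecognised, often plaintext: treat as weak


def parse_colon_file(text: str):
    """Parse passwd/shadow-style text into {user: [fields]}."""
    entries = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#"):
            fields = line.split(":")
            entries[fields[0]] = fields
    return entries


def audit(passwd_text: str, shadow_text: str = ""):
    """Flag every account in the image that can authenticate with a baked-in password."""
    passwd = parse_colon_file(passwd_text)
    shadow = parse_colon_file(shadow_text)
    findings = []
    for user, f in passwd.items():
        if len(f) < 7:
            continue                          # malformed line, not a real account
        pw, uid, shell = f[1], f[2], f[6]
        if uid == "0" and user != "root":
            findings.append(Finding(user, "extra-uid0", f"second uid-0 account, shell {shell}"))
        if pw == "x":                         # shadowed; BusyBox images often keep the hash inline instead
            pw = shadow[user][1] if user in shadow and len(shadow[user]) > 1 else "!"
        algo, weak = classify_hash(pw)
        if algo == "locked":
            continue
        if algo == "empty":
            findings.append(Finding(user, "empty-password", f"no password required, shell {shell}"))
        elif weak:
            findings.append(Finding(user, "crackable-hash", f"{algo} hash, shell {shell}"))
        else:
            findings.append(Finding(user, "fixed-credential", f"{algo} hash, shell {shell}"))
    return findings


# Constructed sample files (illustrative only; not the Netis E1+ image contents).
SAMPLE_PASSWD = """root:x:0:0:root:/root:/bin/sh
admin:x:0:0:admin:/root:/bin/sh
nobody:*:65534:65534:nobody:/nonexistent:/bin/false
"""
SAMPLE_SHADOW = """root:$1$QzXa1c9t$0pW5sLqFb3Y7vH2kN8mDe1:18000:0:99999:7:::
admin:$1$abcdefgh$ijklmnopqrstuvwxyz0123:18000:0:99999:7:::
nobody:*:18000:0:99999:7:::
"""

if __name__ == "__main__":
    if len(sys.argv) == 2:                    # path to the unpacked firmware root
        root = sys.argv[1]
        with open(f"{root}/etc/passwd") as fh:
            passwd_text = fh.read()
        try:
            with open(f"{root}/etc/shadow") as fh:
                shadow_text = fh.read()
        except FileNotFoundError:
            shadow_text = ""
    else:
        passwd_text, shadow_text = SAMPLE_PASSWD, SAMPLE_SHADOW
    for fnd in audit(passwd_text, shadow_text):
        print(f"{fnd.user:<10} {fnd.issue:<18} {fnd.detail}")
```

Run it with no arguments to see the constructed sample, or pass the directory binwalk produced. Any "fixed-credential" result is still a CWE-798 finding even when the hash is strong: the point is not whether the hash is cheap to crack but that the owner of the device never chose the password and usually cannot change it. Accounts with a non-interactive shell still merit attention, since web and FTP services on these devices frequently authenticate against the same passwd file.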

Advisories and related resources: the vendor site (http://www.netis-systems.com), an Exploit-DB entry (https://www.exploit-db.com/exploits/48382) carrying the public exploit, and a VulnCheck advisory (https://www.vulncheck.com/advisories/netis-e-backdoor-account-root) on the backdoor root account. Security practitioners should consult these for technical details and for current patch or firmware availability; this page records no patch date.

Vulnerability details

Netis E1+ version 1.2.32533 contains a hard-coded root account that allows attackers to log in to the device with predefined credentials. Attackers can leverage the embedded root account with a crackable password to gain full administrative access to the network device.

CWE(s)

CWE-798 Use of Hard-coded Credentials

Related Threats

MITRE ATT&CK Enterprise Techniques (AI-mapped)

T1078.001 Default Accounts (tag: Stealth)
Adversaries may obtain and abuse credentials of a default account as a means of gaining Initial Access, Persistence, Privilege Escalation, or Defense Evasion.
T1133 External Remote Services (tag: Persistence)
Adversaries may leverage external-facing remote services to initially access and/or persist within a network.
Why these techniques?

Hard-coded root credentials are, in effect, a default account that every unit of the product shares, so logging in with them is use of a default account (T1078.001). Because that login happens over the device's network-exposed management service rather than through a local console, the access path is also an external remote service (T1133).

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0
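Both techniques have a practical detection angle on devices that forward syslog: a successful login to a baked-in account from an address outside the management network, especially one preceded by a run of failures as someone tries cracked or guessed candidates. The script below is an added example, not code from this page or from Netis. It assumes a BusyBox-style router using dropbear as its SSH daemon (the "Password auth succeeded" and "Bad password attempt" phrases are dropbear's own log messages); the telnetd line format and the 192.168.1.0/24 management subnet are assumptions, and the sample log lines are constructed rather than captured.

```python
"""Detect use of a device's built-in account over an externally reachable service.

Added example; not code from the advisory or from Netis. It assumes a BusyBox-style
router that ships syslog to a collector, with dropbear as the SSH daemon (its
'Password auth succeeded' / 'Bad password attempt' phrases are real dropbear
messages); the telnetd line format and the management subnet are assumptions.
The sample log lines are constructed, not captured from a real device.
"""
import ipaddress
import re
from collections import defaultdict

# Accounts baked into the image. A successful login to one of these from outside
# the management network is treated as abuse of a default/hard-coded account
# (T1078.001) reached through an external remote service (T1133).
DEFAULT_ACCOUNTS = {"root", "admin"}

# Assumption: the LAN-side management subnet; everything else is "external".
MGMT_NETS = (ipaddress.ip_network("192.168.1.0/24"),)

SSH_OK = re.compile(
    r"dropbear\[\d+\]: Password auth succeeded for '(?P<user>[^']+)' from (?P<ip>[\d.]+):\d+")
SSH_FAIL = re.compile(
    r"dropbear\[\d+\]: Bad password attempt for '(?P<user>[^']+)' from (?P<ip>[\d.]+):\d+")
# Constructed format for a telnet daemon; adjust to what your device actually logs.
TELNET_OK = re.compile(
    r"telnetd\[\d+\]: login succeeded for (?P<user>\S+) from (?P<ip>[\d.]+)")


def is_external(ip: str) -> bool:
    """True when the source address is outside every management subnet."""
    addr = ipaddress.ip_address(ip)
    return not any(addr in net for net in MGMT_NETS)


def analyse(lines):
    """Return one alert per default-account login from an external address.

    Each alert records how many failed attempts preceded the success from the
    same (user, source) pair: a burst of failures followed by success is the
    signature of someone trying cracked or guessed candidates for the baked-in
    password rather than an administrator who simply knows it.
    """
    failures = defaultdict(int)
    alerts = []
    for line in lines:
        m = SSH_FAIL.search(line)
        if m:
            failures[(m["user"], m["ip"])] += 1
            continue
        m = SSH_OK.search(line) or TELNET_OK.search(line)
        if not m:
            continue
        user, ip = m["user"], m["ip"]
        if user in DEFAULT_ACCOUNTS and is_external(ip):
            alerts.append({
                "user": user,
                "src": ip,
                "prior_failures": failures[(user, ip)],
                "techniques": ["T1078.001", "T1133"],
                "line": line.strip(),
            })
    return alerts


# Constructed sample syslog stream (not from a real device).
SAMPLE_LOG = """\
Feb  3 10:11:52 gw dropbear[412]: Bad password attempt for 'root' from 203.0.113.45:50991
Feb  3 10:11:58 gw dropbear[413]: Bad password attempt for 'root' from 203.0.113.45:50994
Feb  3 10:12:01 gw dropbear[414]: Password auth succeeded for 'root' from 203.0.113.45:51022
Feb  3 10:15:40 gw dropbear[420]: Password auth succeeded for 'root' from 192.168.1.10:40112
Feb  3 10:18:12 gw dropbear[425]: Password auth succeeded for 'alice' from 198.51.100.7:44001
Feb  3 10:20:03 gw telnetd[523]: login succeeded for admin from 198.51.100.7
"""

if __name__ == "__main__":
    for alert in analyse(SAMPLE_LOG.splitlines()):
        print(f"{alert['user']}@{alert['src']} after {alert['prior_failures']} failures "
              f"-> {', '.join(alert['techniques'])}")
```

On the sample stream this raises two alerts: root from 203.0.113.45 after two failures, and admin over telnet from 198.51.100.7. The root login from 192.168.1.10 is suppressed because it comes from the management subnet, and alice is ignored because she is not a baked-in account. In practice the management allowlist is the control that needs tuning; on a device where the backdoor account cannot be removed, restricting who can reach the login prompt at all is the only durable fix.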

CVEs Like This One

CVE-2026-23647 (shared CWE-798)
CVE-2024-46429 (shared CWE-798)
CVE-2026-42376 (shared CWE-798)
CVE-2026-28777 (shared CWE-798)
CVE-2026-42375 (shared CWE-798)
CVE-2024-46436 (shared CWE-798)
CVE-2026-28776 (shared CWE-798)
CVE-2021-47796 (shared CWE-798)
CVE-2018-25138 (shared CWE-798)
CVE-2026-27507 (shared CWE-798)

Affected Assets

Netis Systems, E1+ firmware version 1.2.32533 (inferred from the references and description; NVD did not file a CPE for this CVE)

Mitigating Controls (NIST 800-53 r5, AI-mapped)

IA-5 Authenticator Management (prevent): directly requires changing default authenticators before first use and ensuring sufficient strength, addressing the hard-coded root account with a crackable password.

AC-2 Account Management (prevent): mandates management and disabling of unnecessary accounts, preventing exploitation of the embedded root account.

SI-2 Flaw Remediation (prevent): requires timely identification, reporting and remediation of flaws such as this hard-coded credential through patching.

On a consumer device these controls only apply where the vendor actually exposes the root account to the administrator. Where it does not, the remaining options are a fixed firmware build, replacing the device, or isolating its management interfaces so that untrusted networks cannot reach the login prompt.
