Search criteria
ⓘ
Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.
15 vulnerabilities found for MR9600 by Linksys
CVE-2026-6992 (GCVE-0-2026-6992)
Vulnerability from nvd – Published: 2026-04-25 18:00 – Updated: 2026-04-27 13:34
VLAI?
Title
Linksys MR9600 JNAP Action run_central2.sh BTRequestGetSmartConnectStatus os command injection
Summary
A vulnerability was identified in Linksys MR9600 2.0.6.206937. This affects the function BTRequestGetSmartConnectStatus of the file /etc/init.d/run_central2.sh of the component JNAP Action Handler. The manipulation of the argument pin leads to os command injection. The attack may be initiated remotely. The exploit is publicly available and might be used. The vendor was contacted early about this disclosure but did not respond in any way.
Severity ?
Assigner
References
| URL | Tags | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
Impacted products
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-6992",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-04-27T13:10:55.443763Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-04-27T13:34:09.962Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:o:linksys:mr9600_firmware:*:*:*:*:*:*:*:*"
],
"modules": [
"JNAP Action Handler"
],
"product": "MR9600",
"vendor": "Linksys",
"versions": [
{
"status": "affected",
"version": "2.0.6.206937"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "wuuu (VulDB User)"
},
{
"lang": "en",
"type": "coordinator",
"value": "VulDB CNA Team"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was identified in Linksys MR9600 2.0.6.206937. This affects the function BTRequestGetSmartConnectStatus of the file /etc/init.d/run_central2.sh of the component JNAP Action Handler. The manipulation of the argument pin leads to os command injection. The attack may be initiated remotely. The exploit is publicly available and might be used. The vendor was contacted early about this disclosure but did not respond in any way."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 8.6,
"baseSeverity": "HIGH",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 7.2,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 7.2,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 8.3,
"vectorString": "AV:N/AC:L/Au:M/C:C/I:C/A:C/E:POC/RL:ND/RC:UR",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-78",
"description": "OS Command Injection",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-77",
"description": "Command Injection",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-25T18:00:20.422Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-359544 | Linksys MR9600 JNAP Action run_central2.sh BTRequestGetSmartConnectStatus os command injection",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/vuln/359544"
},
{
"name": "VDB-359544 | CTI Indicators (IOB, IOC, TTP, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/vuln/359544/cti"
},
{
"name": "Submit #797086 | Linksys MR9600 Firmware 2.0.6.206937 Command Injection",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/submit/797086"
},
{
"tags": [
"exploit",
"issue-tracking"
],
"url": "https://github.com/utmost3/cve/issues/2"
},
{
"tags": [
"product"
],
"url": "https://www.linksys.com/"
}
],
"timeline": [
{
"lang": "en",
"time": "2026-04-24T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2026-04-24T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2026-04-24T21:45:04.000Z",
"value": "VulDB entry last update"
}
],
"title": "Linksys MR9600 JNAP Action run_central2.sh BTRequestGetSmartConnectStatus os command injection"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2026-6992",
"datePublished": "2026-04-25T18:00:20.422Z",
"dateReserved": "2026-04-24T19:39:58.219Z",
"dateUpdated": "2026-04-27T13:34:09.962Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-4558 (GCVE-0-2026-4558)
Vulnerability from nvd – Published: 2026-03-22 17:29 – Updated: 2026-03-23 16:06
VLAI?
Title
Linksys MR9600 SmartConnect.lua smartConnectConfigure os command injection
Summary
A flaw has been found in Linksys MR9600 2.0.6.206937. Affected is the function smartConnectConfigure of the file SmartConnect.lua. Executing a manipulation of the argument configApSsid/configApPassphrase/srpLogin/srpPassword can lead to os command injection. The attack may be launched remotely. The exploit has been published and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
Severity ?
Assigner
References
| URL | Tags | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
Impacted products
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-4558",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-03-23T16:06:42.703555Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-03-23T16:06:52.992Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:o:linksys:mr9600_firmware:*:*:*:*:*:*:*:*"
],
"product": "MR9600",
"vendor": "Linksys",
"versions": [
{
"status": "affected",
"version": "2.0.6.206937"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "wuuu (VulDB User)"
},
{
"lang": "en",
"type": "coordinator",
"value": "VulDB"
}
],
"descriptions": [
{
"lang": "en",
"value": "A flaw has been found in Linksys MR9600 2.0.6.206937. Affected is the function smartConnectConfigure of the file SmartConnect.lua. Executing a manipulation of the argument configApSsid/configApPassphrase/srpLogin/srpPassword can lead to os command injection. The attack may be launched remotely. The exploit has been published and may be used. The vendor was contacted early about this disclosure but did not respond in any way."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 8.7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 9,
"vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C/E:POC/RL:ND/RC:UR",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-78",
"description": "OS Command Injection",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-77",
"description": "Command Injection",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-03-22T17:29:35.187Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-352385 | Linksys MR9600 SmartConnect.lua smartConnectConfigure os command injection",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/?id.352385"
},
{
"name": "VDB-352385 | CTI Indicators (IOB, IOC, TTP, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.352385"
},
{
"name": "Submit #775036 | Linksys MR9600 firmware 2.0.6.206937 OS Command Injection",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.775036"
},
{
"tags": [
"exploit",
"issue-tracking"
],
"url": "https://github.com/utmost3/cve/issues/1"
},
{
"tags": [
"product"
],
"url": "https://www.linksys.com/"
}
],
"timeline": [
{
"lang": "en",
"time": "2026-03-21T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2026-03-21T01:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2026-03-21T21:52:56.000Z",
"value": "VulDB entry last update"
}
],
"title": "Linksys MR9600 SmartConnect.lua smartConnectConfigure os command injection"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2026-4558",
"datePublished": "2026-03-22T17:29:35.187Z",
"dateReserved": "2026-03-21T20:47:50.172Z",
"dateUpdated": "2026-03-23T16:06:52.992Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-27850 (GCVE-0-2026-27850)
Vulnerability from nvd – Published: 2026-02-25 16:58 – Updated: 2026-02-25 19:11
VLAI?
Title
Improper verification in Linksys MR9600, Linksys MX4200
Summary
Due to an improperly configured firewall rule, the router will accept any connection on the WAN port with the source port 5222, exposing all services which are normally only accessible through the local network.
This issue affects MR9600: 1.0.4.205530; MX4200: 1.0.13.210200.
Severity ?
7.5 (High)
CWE
- cwe-940 Improper Verification of Source of a Communication Channel
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2026-27850",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-02-25T19:11:25.500248Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-02-25T19:11:29.416Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "MR9600",
"vendor": "Linksys",
"versions": [
{
"status": "affected",
"version": "1.0.4.205530"
}
]
},
{
"defaultStatus": "unaffected",
"product": "MX4200",
"vendor": "Linksys",
"versions": [
{
"status": "affected",
"version": "1.0.13.210200"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Due to an improperly configured firewall rule, the router will accept any connection on the WAN port with the source port 5222, exposing all services which are normally only accessible through the local network.\u003cbr\u003e\u003cp\u003eThis issue affects MR9600: 1.0.4.205530; MX4200: 1.0.13.210200.\u003c/p\u003e"
}
],
"value": "Due to an improperly configured firewall rule, the router will accept any connection on the WAN port with the source port 5222, exposing all services which are normally only accessible through the local network.\nThis issue affects MR9600: 1.0.4.205530; MX4200: 1.0.13.210200."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "cwe-940 Improper Verification of Source of a Communication Channel",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-02-25T16:58:06.450Z",
"orgId": "a6d3dc9e-0591-4a13-bce7-0f5b31ff6158",
"shortName": "ENISA"
},
"references": [
{
"tags": [
"third-party-advisory",
"technical-description"
],
"url": "https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2025-014.txt"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Improper verification in Linksys MR9600, Linksys MX4200",
"x_generator": {
"engine": "Vulnogram 0.5.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "a6d3dc9e-0591-4a13-bce7-0f5b31ff6158",
"assignerShortName": "ENISA",
"cveId": "CVE-2026-27850",
"datePublished": "2026-02-25T16:58:06.450Z",
"dateReserved": "2026-02-24T07:07:48.974Z",
"dateUpdated": "2026-02-25T19:11:29.416Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-27849 (GCVE-0-2026-27849)
Vulnerability from nvd – Published: 2026-02-25 16:20 – Updated: 2026-02-26 16:47
VLAI?
Title
Missing neutralization in Linksys MR9600, Linksys MX4200
Summary
Due to missing neutralization of special elements, OS commands can be injected via the update functionality of a TLS-SRP connection, which is normally used for configuring devices inside the mesh network.
This issue affects MR9600: 1.0.4.205530; MX4200: 1.0.13.210200.
Severity ?
9.8 (Critical)
CWE
- CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2026-27849",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-02-26T16:46:53.068105Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-02-26T16:47:01.147Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "MR9600",
"vendor": "Linksys",
"versions": [
{
"status": "affected",
"version": "1.0.4.205530"
}
]
},
{
"defaultStatus": "unaffected",
"product": "MX4200",
"vendor": "Linksys",
"versions": [
{
"status": "affected",
"version": "1.0.13.210200"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Due to missing neutralization of special elements, OS commands can be injected via the update functionality of a TLS-SRP connection, which is normally used for configuring devices inside the mesh network.\u003cbr\u003e\u003cp\u003eThis issue affects MR9600: 1.0.4.205530; MX4200: 1.0.13.210200.\u003c/p\u003e"
}
],
"value": "Due to missing neutralization of special elements, OS commands can be injected via the update functionality of a TLS-SRP connection, which is normally used for configuring devices inside the mesh network.\nThis issue affects MR9600: 1.0.4.205530; MX4200: 1.0.13.210200."
}
],
"impacts": [
{
"capecId": "CAPEC-88",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-88 OS Command Injection"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-78",
"description": "CWE-78 Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-02-25T16:20:25.395Z",
"orgId": "a6d3dc9e-0591-4a13-bce7-0f5b31ff6158",
"shortName": "ENISA"
},
"references": [
{
"tags": [
"third-party-advisory",
"technical-description"
],
"url": "https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2025-011.txt"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Missing neutralization in Linksys MR9600, Linksys MX4200",
"x_generator": {
"engine": "Vulnogram 0.5.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "a6d3dc9e-0591-4a13-bce7-0f5b31ff6158",
"assignerShortName": "ENISA",
"cveId": "CVE-2026-27849",
"datePublished": "2026-02-25T16:20:25.395Z",
"dateReserved": "2026-02-24T07:07:48.974Z",
"dateUpdated": "2026-02-26T16:47:01.147Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-27848 (GCVE-0-2026-27848)
Vulnerability from nvd – Published: 2026-02-25 15:15 – Updated: 2026-02-26 16:51
VLAI?
Title
Missing neutralization in Linksys MR9600, Linksys MX4200
Summary
Due to missing neutralization of special elements, OS commands can be injected via the handshake of a TLS-SRP connection, which are ultimately run as the root user.
This issue affects MR9600: 1.0.4.205530; MX4200: 1.0.13.210200.
Severity ?
9.8 (Critical)
CWE
- CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2026-27848",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-02-26T16:50:25.890966Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-02-26T16:51:13.433Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "MR9600",
"vendor": "Linksys",
"versions": [
{
"status": "affected",
"version": "1.0.4.205530"
}
]
},
{
"defaultStatus": "unaffected",
"product": "MX4200",
"vendor": "Linksys",
"versions": [
{
"status": "affected",
"version": "1.0.13.210200"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Due to missing neutralization of special elements, OS commands can be injected via the handshake of a TLS-SRP connection, which are ultimately run as the root user.\u003cbr\u003e\u003cp\u003eThis issue affects MR9600: 1.0.4.205530; MX4200: 1.0.13.210200.\u003c/p\u003e"
}
],
"value": "Due to missing neutralization of special elements, OS commands can be injected via the handshake of a TLS-SRP connection, which are ultimately run as the root user.\nThis issue affects MR9600: 1.0.4.205530; MX4200: 1.0.13.210200."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-78",
"description": "CWE-78 Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-02-25T15:15:16.186Z",
"orgId": "a6d3dc9e-0591-4a13-bce7-0f5b31ff6158",
"shortName": "ENISA"
},
"references": [
{
"tags": [
"third-party-advisory",
"technical-description"
],
"url": "https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2025-010.txt"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Missing neutralization in Linksys MR9600, Linksys MX4200",
"x_generator": {
"engine": "Vulnogram 0.5.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "a6d3dc9e-0591-4a13-bce7-0f5b31ff6158",
"assignerShortName": "ENISA",
"cveId": "CVE-2026-27848",
"datePublished": "2026-02-25T15:15:16.186Z",
"dateReserved": "2026-02-24T07:07:48.974Z",
"dateUpdated": "2026-02-26T16:51:13.433Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-27847 (GCVE-0-2026-27847)
Vulnerability from nvd – Published: 2026-02-25 15:10 – Updated: 2026-02-26 16:56
VLAI?
Title
Missing authentication in Linksys MR9600, Linksys MX4200
Summary
Due to improper neutralization of special elements, SQL statements can be injected via the handshake of a TLS-SRP connection. This can be used to inject known credentials into the database that can be utilized to successfully complete the handshake and use the protected service.
This issue affects MR9600: 1.0.4.205530; MX4200: 1.0.13.210200.
Severity ?
9.8 (Critical)
CWE
- CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2026-27847",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-02-26T16:55:30.669110Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-02-26T16:56:23.595Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "MR9600",
"vendor": "Linksys",
"versions": [
{
"status": "affected",
"version": "1.0.4.205530"
}
]
},
{
"defaultStatus": "unaffected",
"product": "MX4200",
"vendor": "Linksys",
"versions": [
{
"status": "affected",
"version": "1.0.13.210200"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Due to improper neutralization of special elements, SQL statements can be injected via the handshake of a TLS-SRP connection. This can be used to inject known credentials into the database that can be utilized to successfully complete the handshake and use the protected service.\u003cbr\u003e\u003cp\u003eThis issue affects MR9600: 1.0.4.205530; MX4200: 1.0.13.210200.\u003c/p\u003e"
}
],
"value": "Due to improper neutralization of special elements, SQL statements can be injected via the handshake of a TLS-SRP connection. This can be used to inject known credentials into the database that can be utilized to successfully complete the handshake and use the protected service.\nThis issue affects MR9600: 1.0.4.205530; MX4200: 1.0.13.210200."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-89",
"description": "CWE-89 Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-02-25T15:10:30.771Z",
"orgId": "a6d3dc9e-0591-4a13-bce7-0f5b31ff6158",
"shortName": "ENISA"
},
"references": [
{
"tags": [
"third-party-advisory",
"technical-description"
],
"url": "https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2025-009.txt"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Missing authentication in Linksys MR9600, Linksys MX4200",
"x_generator": {
"engine": "Vulnogram 0.5.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "a6d3dc9e-0591-4a13-bce7-0f5b31ff6158",
"assignerShortName": "ENISA",
"cveId": "CVE-2026-27847",
"datePublished": "2026-02-25T15:10:30.771Z",
"dateReserved": "2026-02-24T07:07:48.973Z",
"dateUpdated": "2026-02-26T16:56:23.595Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-27846 (GCVE-0-2026-27846)
Vulnerability from nvd – Published: 2026-02-25 15:03 – Updated: 2026-02-25 18:36
VLAI?
Title
Missing authentication in Linksys MR9600, Linksys MX4200
Summary
Due to missing authentication, a user with physical access to the device can misuse the mesh functionality for adding a new mesh device to the network
to gain access to sensitive information, including the password for admin access to the web interface and the Wi-Fi passwords.This issue affects MR9600: 1.0.4.205530; MX4200: 1.0.13.210200.
Severity ?
6.2 (Medium)
CWE
- CWE-306 - Missing Authentication for Critical Function
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 6.2,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2026-27846",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-02-25T18:35:57.582373Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-02-25T18:36:03.925Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "MR9600",
"vendor": "Linksys",
"versions": [
{
"status": "affected",
"version": "1.0.4.205530"
}
]
},
{
"defaultStatus": "unaffected",
"product": "MX4200",
"vendor": "Linksys",
"versions": [
{
"status": "affected",
"version": "1.0.13.210200"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Due to missing authentication, a user with physical access to the device can misuse the mesh functionality for adding a new mesh device to the network\u0026nbsp;\u003cbr\u003eto gain access to sensitive information, including the password for admin access to the web interface and the Wi-Fi passwords.\u003cp\u003eThis issue affects MR9600: 1.0.4.205530; MX4200: 1.0.13.210200.\u003c/p\u003e"
}
],
"value": "Due to missing authentication, a user with physical access to the device can misuse the mesh functionality for adding a new mesh device to the network\u00a0\nto gain access to sensitive information, including the password for admin access to the web interface and the Wi-Fi passwords.This issue affects MR9600: 1.0.4.205530; MX4200: 1.0.13.210200."
}
],
"impacts": [
{
"capecId": "CAPEC-37",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-37 Retrieve Embedded Sensitive Data"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-306",
"description": "CWE-306 Missing Authentication for Critical Function",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-02-25T15:03:58.616Z",
"orgId": "a6d3dc9e-0591-4a13-bce7-0f5b31ff6158",
"shortName": "ENISA"
},
"references": [
{
"tags": [
"third-party-advisory",
"technical-description"
],
"url": "https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2025-002.txt"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Missing authentication in Linksys MR9600, Linksys MX4200",
"x_generator": {
"engine": "Vulnogram 0.5.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "a6d3dc9e-0591-4a13-bce7-0f5b31ff6158",
"assignerShortName": "ENISA",
"cveId": "CVE-2026-27846",
"datePublished": "2026-02-25T15:03:58.616Z",
"dateReserved": "2026-02-24T07:07:48.973Z",
"dateUpdated": "2026-02-25T18:36:03.925Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-6992 (GCVE-0-2026-6992)
Vulnerability from cvelistv5 – Published: 2026-04-25 18:00 – Updated: 2026-04-27 13:34
VLAI?
Title
Linksys MR9600 JNAP Action run_central2.sh BTRequestGetSmartConnectStatus os command injection
Summary
A vulnerability was identified in Linksys MR9600 2.0.6.206937. This affects the function BTRequestGetSmartConnectStatus of the file /etc/init.d/run_central2.sh of the component JNAP Action Handler. The manipulation of the argument pin leads to os command injection. The attack may be initiated remotely. The exploit is publicly available and might be used. The vendor was contacted early about this disclosure but did not respond in any way.
Severity ?
Assigner
References
| URL | Tags | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
Impacted products
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-6992",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-04-27T13:10:55.443763Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-04-27T13:34:09.962Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:o:linksys:mr9600_firmware:*:*:*:*:*:*:*:*"
],
"modules": [
"JNAP Action Handler"
],
"product": "MR9600",
"vendor": "Linksys",
"versions": [
{
"status": "affected",
"version": "2.0.6.206937"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "wuuu (VulDB User)"
},
{
"lang": "en",
"type": "coordinator",
"value": "VulDB CNA Team"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was identified in Linksys MR9600 2.0.6.206937. This affects the function BTRequestGetSmartConnectStatus of the file /etc/init.d/run_central2.sh of the component JNAP Action Handler. The manipulation of the argument pin leads to os command injection. The attack may be initiated remotely. The exploit is publicly available and might be used. The vendor was contacted early about this disclosure but did not respond in any way."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 8.6,
"baseSeverity": "HIGH",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 7.2,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 7.2,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 8.3,
"vectorString": "AV:N/AC:L/Au:M/C:C/I:C/A:C/E:POC/RL:ND/RC:UR",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-78",
"description": "OS Command Injection",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-77",
"description": "Command Injection",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-25T18:00:20.422Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-359544 | Linksys MR9600 JNAP Action run_central2.sh BTRequestGetSmartConnectStatus os command injection",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/vuln/359544"
},
{
"name": "VDB-359544 | CTI Indicators (IOB, IOC, TTP, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/vuln/359544/cti"
},
{
"name": "Submit #797086 | Linksys MR9600 Firmware 2.0.6.206937 Command Injection",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/submit/797086"
},
{
"tags": [
"exploit",
"issue-tracking"
],
"url": "https://github.com/utmost3/cve/issues/2"
},
{
"tags": [
"product"
],
"url": "https://www.linksys.com/"
}
],
"timeline": [
{
"lang": "en",
"time": "2026-04-24T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2026-04-24T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2026-04-24T21:45:04.000Z",
"value": "VulDB entry last update"
}
],
"title": "Linksys MR9600 JNAP Action run_central2.sh BTRequestGetSmartConnectStatus os command injection"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2026-6992",
"datePublished": "2026-04-25T18:00:20.422Z",
"dateReserved": "2026-04-24T19:39:58.219Z",
"dateUpdated": "2026-04-27T13:34:09.962Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-4558 (GCVE-0-2026-4558)
Vulnerability from cvelistv5 – Published: 2026-03-22 17:29 – Updated: 2026-03-23 16:06
VLAI?
Title
Linksys MR9600 SmartConnect.lua smartConnectConfigure os command injection
Summary
A flaw has been found in Linksys MR9600 2.0.6.206937. Affected is the function smartConnectConfigure of the file SmartConnect.lua. Executing a manipulation of the argument configApSsid/configApPassphrase/srpLogin/srpPassword can lead to os command injection. The attack may be launched remotely. The exploit has been published and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
Severity ?
Assigner
References
| URL | Tags | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
Impacted products
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-4558",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-03-23T16:06:42.703555Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-03-23T16:06:52.992Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:o:linksys:mr9600_firmware:*:*:*:*:*:*:*:*"
],
"product": "MR9600",
"vendor": "Linksys",
"versions": [
{
"status": "affected",
"version": "2.0.6.206937"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "wuuu (VulDB User)"
},
{
"lang": "en",
"type": "coordinator",
"value": "VulDB"
}
],
"descriptions": [
{
"lang": "en",
"value": "A flaw has been found in Linksys MR9600 2.0.6.206937. Affected is the function smartConnectConfigure of the file SmartConnect.lua. Executing a manipulation of the argument configApSsid/configApPassphrase/srpLogin/srpPassword can lead to os command injection. The attack may be launched remotely. The exploit has been published and may be used. The vendor was contacted early about this disclosure but did not respond in any way."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 8.7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 9,
"vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C/E:POC/RL:ND/RC:UR",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-78",
"description": "OS Command Injection",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-77",
"description": "Command Injection",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-03-22T17:29:35.187Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-352385 | Linksys MR9600 SmartConnect.lua smartConnectConfigure os command injection",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/?id.352385"
},
{
"name": "VDB-352385 | CTI Indicators (IOB, IOC, TTP, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.352385"
},
{
"name": "Submit #775036 | Linksys MR9600 firmware 2.0.6.206937 OS Command Injection",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.775036"
},
{
"tags": [
"exploit",
"issue-tracking"
],
"url": "https://github.com/utmost3/cve/issues/1"
},
{
"tags": [
"product"
],
"url": "https://www.linksys.com/"
}
],
"timeline": [
{
"lang": "en",
"time": "2026-03-21T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2026-03-21T01:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2026-03-21T21:52:56.000Z",
"value": "VulDB entry last update"
}
],
"title": "Linksys MR9600 SmartConnect.lua smartConnectConfigure os command injection"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2026-4558",
"datePublished": "2026-03-22T17:29:35.187Z",
"dateReserved": "2026-03-21T20:47:50.172Z",
"dateUpdated": "2026-03-23T16:06:52.992Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-27850 (GCVE-0-2026-27850)
Vulnerability from cvelistv5 – Published: 2026-02-25 16:58 – Updated: 2026-02-25 19:11
VLAI?
Title
Improper verification in Linksys MR9600, Linksys MX4200
Summary
Due to an improperly configured firewall rule, the router will accept any connection on the WAN port with the source port 5222, exposing all services which are normally only accessible through the local network.
This issue affects MR9600: 1.0.4.205530; MX4200: 1.0.13.210200.
Severity ?
7.5 (High)
CWE
- cwe-940 Improper Verification of Source of a Communication Channel
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2026-27850",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-02-25T19:11:25.500248Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-02-25T19:11:29.416Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "MR9600",
"vendor": "Linksys",
"versions": [
{
"status": "affected",
"version": "1.0.4.205530"
}
]
},
{
"defaultStatus": "unaffected",
"product": "MX4200",
"vendor": "Linksys",
"versions": [
{
"status": "affected",
"version": "1.0.13.210200"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Due to an improperly configured firewall rule, the router will accept any connection on the WAN port with the source port 5222, exposing all services which are normally only accessible through the local network.\u003cbr\u003e\u003cp\u003eThis issue affects MR9600: 1.0.4.205530; MX4200: 1.0.13.210200.\u003c/p\u003e"
}
],
"value": "Due to an improperly configured firewall rule, the router will accept any connection on the WAN port with the source port 5222, exposing all services which are normally only accessible through the local network.\nThis issue affects MR9600: 1.0.4.205530; MX4200: 1.0.13.210200."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "cwe-940 Improper Verification of Source of a Communication Channel",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-02-25T16:58:06.450Z",
"orgId": "a6d3dc9e-0591-4a13-bce7-0f5b31ff6158",
"shortName": "ENISA"
},
"references": [
{
"tags": [
"third-party-advisory",
"technical-description"
],
"url": "https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2025-014.txt"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Improper verification in Linksys MR9600, Linksys MX4200",
"x_generator": {
"engine": "Vulnogram 0.5.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "a6d3dc9e-0591-4a13-bce7-0f5b31ff6158",
"assignerShortName": "ENISA",
"cveId": "CVE-2026-27850",
"datePublished": "2026-02-25T16:58:06.450Z",
"dateReserved": "2026-02-24T07:07:48.974Z",
"dateUpdated": "2026-02-25T19:11:29.416Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-27849 (GCVE-0-2026-27849)
Vulnerability from cvelistv5 – Published: 2026-02-25 16:20 – Updated: 2026-02-26 16:47
VLAI?
Title
Missing neutralization in Linksys MR9600, Linksys MX4200
Summary
Due to missing neutralization of special elements, OS commands can be injected via the update functionality of a TLS-SRP connection, which is normally used for configuring devices inside the mesh network.
This issue affects MR9600: 1.0.4.205530; MX4200: 1.0.13.210200.
Severity ?
9.8 (Critical)
CWE
- CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2026-27849",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-02-26T16:46:53.068105Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-02-26T16:47:01.147Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "MR9600",
"vendor": "Linksys",
"versions": [
{
"status": "affected",
"version": "1.0.4.205530"
}
]
},
{
"defaultStatus": "unaffected",
"product": "MX4200",
"vendor": "Linksys",
"versions": [
{
"status": "affected",
"version": "1.0.13.210200"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Due to missing neutralization of special elements, OS commands can be injected via the update functionality of a TLS-SRP connection, which is normally used for configuring devices inside the mesh network.\u003cbr\u003e\u003cp\u003eThis issue affects MR9600: 1.0.4.205530; MX4200: 1.0.13.210200.\u003c/p\u003e"
}
],
"value": "Due to missing neutralization of special elements, OS commands can be injected via the update functionality of a TLS-SRP connection, which is normally used for configuring devices inside the mesh network.\nThis issue affects MR9600: 1.0.4.205530; MX4200: 1.0.13.210200."
}
],
"impacts": [
{
"capecId": "CAPEC-88",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-88 OS Command Injection"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-78",
"description": "CWE-78 Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-02-25T16:20:25.395Z",
"orgId": "a6d3dc9e-0591-4a13-bce7-0f5b31ff6158",
"shortName": "ENISA"
},
"references": [
{
"tags": [
"third-party-advisory",
"technical-description"
],
"url": "https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2025-011.txt"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Missing neutralization in Linksys MR9600, Linksys MX4200",
"x_generator": {
"engine": "Vulnogram 0.5.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "a6d3dc9e-0591-4a13-bce7-0f5b31ff6158",
"assignerShortName": "ENISA",
"cveId": "CVE-2026-27849",
"datePublished": "2026-02-25T16:20:25.395Z",
"dateReserved": "2026-02-24T07:07:48.974Z",
"dateUpdated": "2026-02-26T16:47:01.147Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-27848 (GCVE-0-2026-27848)
Vulnerability from cvelistv5 – Published: 2026-02-25 15:15 – Updated: 2026-02-26 16:51
VLAI?
Title
Missing neutralization in Linksys MR9600, Linksys MX4200
Summary
Due to missing neutralization of special elements, OS commands can be injected via the handshake of a TLS-SRP connection, which are ultimately run as the root user.
This issue affects MR9600: 1.0.4.205530; MX4200: 1.0.13.210200.
Severity ?
9.8 (Critical)
CWE
- CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2026-27848",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-02-26T16:50:25.890966Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-02-26T16:51:13.433Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "MR9600",
"vendor": "Linksys",
"versions": [
{
"status": "affected",
"version": "1.0.4.205530"
}
]
},
{
"defaultStatus": "unaffected",
"product": "MX4200",
"vendor": "Linksys",
"versions": [
{
"status": "affected",
"version": "1.0.13.210200"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Due to missing neutralization of special elements, OS commands can be injected via the handshake of a TLS-SRP connection, which are ultimately run as the root user.\u003cbr\u003e\u003cp\u003eThis issue affects MR9600: 1.0.4.205530; MX4200: 1.0.13.210200.\u003c/p\u003e"
}
],
"value": "Due to missing neutralization of special elements, OS commands can be injected via the handshake of a TLS-SRP connection, which are ultimately run as the root user.\nThis issue affects MR9600: 1.0.4.205530; MX4200: 1.0.13.210200."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-78",
"description": "CWE-78 Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-02-25T15:15:16.186Z",
"orgId": "a6d3dc9e-0591-4a13-bce7-0f5b31ff6158",
"shortName": "ENISA"
},
"references": [
{
"tags": [
"third-party-advisory",
"technical-description"
],
"url": "https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2025-010.txt"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Missing neutralization in Linksys MR9600, Linksys MX4200",
"x_generator": {
"engine": "Vulnogram 0.5.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "a6d3dc9e-0591-4a13-bce7-0f5b31ff6158",
"assignerShortName": "ENISA",
"cveId": "CVE-2026-27848",
"datePublished": "2026-02-25T15:15:16.186Z",
"dateReserved": "2026-02-24T07:07:48.974Z",
"dateUpdated": "2026-02-26T16:51:13.433Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-27847 (GCVE-0-2026-27847)
Vulnerability from cvelistv5 – Published: 2026-02-25 15:10 – Updated: 2026-02-26 16:56
VLAI?
Title
Missing authentication in Linksys MR9600, Linksys MX4200
Summary
Due to improper neutralization of special elements, SQL statements can be injected via the handshake of a TLS-SRP connection. This can be used to inject known credentials into the database that can be utilized to successfully complete the handshake and use the protected service.
This issue affects MR9600: 1.0.4.205530; MX4200: 1.0.13.210200.
Severity ?
9.8 (Critical)
CWE
- CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2026-27847",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-02-26T16:55:30.669110Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-02-26T16:56:23.595Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "MR9600",
"vendor": "Linksys",
"versions": [
{
"status": "affected",
"version": "1.0.4.205530"
}
]
},
{
"defaultStatus": "unaffected",
"product": "MX4200",
"vendor": "Linksys",
"versions": [
{
"status": "affected",
"version": "1.0.13.210200"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Due to improper neutralization of special elements, SQL statements can be injected via the handshake of a TLS-SRP connection. This can be used to inject known credentials into the database that can be utilized to successfully complete the handshake and use the protected service.\u003cbr\u003e\u003cp\u003eThis issue affects MR9600: 1.0.4.205530; MX4200: 1.0.13.210200.\u003c/p\u003e"
}
],
"value": "Due to improper neutralization of special elements, SQL statements can be injected via the handshake of a TLS-SRP connection. This can be used to inject known credentials into the database that can be utilized to successfully complete the handshake and use the protected service.\nThis issue affects MR9600: 1.0.4.205530; MX4200: 1.0.13.210200."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-89",
"description": "CWE-89 Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-02-25T15:10:30.771Z",
"orgId": "a6d3dc9e-0591-4a13-bce7-0f5b31ff6158",
"shortName": "ENISA"
},
"references": [
{
"tags": [
"third-party-advisory",
"technical-description"
],
"url": "https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2025-009.txt"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Missing authentication in Linksys MR9600, Linksys MX4200",
"x_generator": {
"engine": "Vulnogram 0.5.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "a6d3dc9e-0591-4a13-bce7-0f5b31ff6158",
"assignerShortName": "ENISA",
"cveId": "CVE-2026-27847",
"datePublished": "2026-02-25T15:10:30.771Z",
"dateReserved": "2026-02-24T07:07:48.973Z",
"dateUpdated": "2026-02-26T16:56:23.595Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-27846 (GCVE-0-2026-27846)
Vulnerability from cvelistv5 – Published: 2026-02-25 15:03 – Updated: 2026-02-25 18:36
VLAI?
Title
Missing authentication in Linksys MR9600, Linksys MX4200
Summary
Due to missing authentication, a user with physical access to the device can misuse the mesh functionality for adding a new mesh device to the network
to gain access to sensitive information, including the password for admin access to the web interface and the Wi-Fi passwords.This issue affects MR9600: 1.0.4.205530; MX4200: 1.0.13.210200.
Severity ?
6.2 (Medium)
CWE
- CWE-306 - Missing Authentication for Critical Function
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 6.2,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2026-27846",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-02-25T18:35:57.582373Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-02-25T18:36:03.925Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "MR9600",
"vendor": "Linksys",
"versions": [
{
"status": "affected",
"version": "1.0.4.205530"
}
]
},
{
"defaultStatus": "unaffected",
"product": "MX4200",
"vendor": "Linksys",
"versions": [
{
"status": "affected",
"version": "1.0.13.210200"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Due to missing authentication, a user with physical access to the device can misuse the mesh functionality for adding a new mesh device to the network\u0026nbsp;\u003cbr\u003eto gain access to sensitive information, including the password for admin access to the web interface and the Wi-Fi passwords.\u003cp\u003eThis issue affects MR9600: 1.0.4.205530; MX4200: 1.0.13.210200.\u003c/p\u003e"
}
],
"value": "Due to missing authentication, a user with physical access to the device can misuse the mesh functionality for adding a new mesh device to the network\u00a0\nto gain access to sensitive information, including the password for admin access to the web interface and the Wi-Fi passwords.This issue affects MR9600: 1.0.4.205530; MX4200: 1.0.13.210200."
}
],
"impacts": [
{
"capecId": "CAPEC-37",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-37 Retrieve Embedded Sensitive Data"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-306",
"description": "CWE-306 Missing Authentication for Critical Function",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-02-25T15:03:58.616Z",
"orgId": "a6d3dc9e-0591-4a13-bce7-0f5b31ff6158",
"shortName": "ENISA"
},
"references": [
{
"tags": [
"third-party-advisory",
"technical-description"
],
"url": "https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2025-002.txt"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Missing authentication in Linksys MR9600, Linksys MX4200",
"x_generator": {
"engine": "Vulnogram 0.5.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "a6d3dc9e-0591-4a13-bce7-0f5b31ff6158",
"assignerShortName": "ENISA",
"cveId": "CVE-2026-27846",
"datePublished": "2026-02-25T15:03:58.616Z",
"dateReserved": "2026-02-24T07:07:48.973Z",
"dateUpdated": "2026-02-25T18:36:03.925Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
VAR-202204-1970
Vulnerability from variot - Updated: 2024-11-23 22:40Linksys MR9600 devices before 2.0.5 allow attackers to read arbitrary files via a symbolic link to the root directory of a NAS SMB share. Cisco Systems (Linksys) of mr9600 A link interpretation vulnerability exists in firmware.Information may be obtained. Linksys MR9600 is a wireless router from Linksys Company in the United States
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202204-1970",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "mr9600",
"scope": "lt",
"trust": 1.6,
"vendor": "linksys",
"version": "2.0.5"
},
{
"model": "mr9600",
"scope": "eq",
"trust": 0.8,
"vendor": "\u30b7\u30b9\u30b3\u30b7\u30b9\u30c6\u30e0\u30ba linksys",
"version": null
},
{
"model": "mr9600",
"scope": "eq",
"trust": 0.8,
"vendor": "\u30b7\u30b9\u30b3\u30b7\u30b9\u30c6\u30e0\u30ba linksys",
"version": "mr9600 firmware 2.0.5"
},
{
"model": "mr9600",
"scope": null,
"trust": 0.8,
"vendor": "\u30b7\u30b9\u30b3\u30b7\u30b9\u30c6\u30e0\u30ba linksys",
"version": null
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-36962"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-008819"
},
{
"db": "NVD",
"id": "CVE-2022-24372"
}
]
},
"cve": "CVE-2022-24372",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 4.9,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 3.9,
"id": "CVE-2022-24372",
"impactScore": 6.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 1.8,
"vectorString": "AV:L/AC:L/Au:N/C:C/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 4.9,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 3.9,
"id": "CNVD-2022-36962",
"impactScore": 6.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:L/AC:L/Au:N/C:C/I:N/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "PHYSICAL",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 4.6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 0.9,
"id": "CVE-2022-24372",
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Physical",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 4.6,
"baseSeverity": "Medium",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2022-24372",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2022-24372",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "CVE-2022-24372",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNVD",
"id": "CNVD-2022-36962",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-202204-4521",
"trust": 0.6,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-36962"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-008819"
},
{
"db": "CNNVD",
"id": "CNNVD-202204-4521"
},
{
"db": "NVD",
"id": "CVE-2022-24372"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Linksys MR9600 devices before 2.0.5 allow attackers to read arbitrary files via a symbolic link to the root directory of a NAS SMB share. Cisco Systems (Linksys) of mr9600 A link interpretation vulnerability exists in firmware.Information may be obtained. Linksys MR9600 is a wireless router from Linksys Company in the United States",
"sources": [
{
"db": "NVD",
"id": "CVE-2022-24372"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-008819"
},
{
"db": "CNVD",
"id": "CNVD-2022-36962"
},
{
"db": "VULMON",
"id": "CVE-2022-24372"
}
],
"trust": 2.25
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2022-24372",
"trust": 3.9
},
{
"db": "JVNDB",
"id": "JVNDB-2022-008819",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2022-36962",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202204-4521",
"trust": 0.6
},
{
"db": "VULMON",
"id": "CVE-2022-24372",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-36962"
},
{
"db": "VULMON",
"id": "CVE-2022-24372"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-008819"
},
{
"db": "CNNVD",
"id": "CNNVD-202204-4521"
},
{
"db": "NVD",
"id": "CVE-2022-24372"
}
]
},
"id": "VAR-202204-1970",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-36962"
}
],
"trust": 0.06
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-36962"
}
]
},
"last_update_date": "2024-11-23T22:40:29Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Patch for Linksys MR9600 Post Link Vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/332746"
},
{
"title": "Linksys MR9600 Post-link vulnerability fixes",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=191927"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-36962"
},
{
"db": "CNNVD",
"id": "CNNVD-202204-4521"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-59",
"trust": 1.0
},
{
"problemtype": "Link interpretation problem (CWE-59) [NVD evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-008819"
},
{
"db": "NVD",
"id": "CVE-2022-24372"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.5,
"url": "https://www.linksys.com/de/linksys-dual-band-mesh-wifi-6-router-mr9600/p/p-mr9600/"
},
{
"trust": 2.5,
"url": "https://www.linksys.com/mesh-routers/linksys-dual-band-mesh-wifi-6-router-mr9600/p/p-mr9600/"
},
{
"trust": 2.5,
"url": "https://www.syss.de/fileadmin/dokumente/publikationen/advisories/syss-2021-046.txt"
},
{
"trust": 2.0,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-24372"
},
{
"trust": 0.6,
"url": "https://cxsecurity.com/cveshow/cve-2022-24372/"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-36962"
},
{
"db": "VULMON",
"id": "CVE-2022-24372"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-008819"
},
{
"db": "CNNVD",
"id": "CNNVD-202204-4521"
},
{
"db": "NVD",
"id": "CVE-2022-24372"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2022-36962"
},
{
"db": "VULMON",
"id": "CVE-2022-24372"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-008819"
},
{
"db": "CNNVD",
"id": "CNNVD-202204-4521"
},
{
"db": "NVD",
"id": "CVE-2022-24372"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-05-13T00:00:00",
"db": "CNVD",
"id": "CNVD-2022-36962"
},
{
"date": "2022-04-27T00:00:00",
"db": "VULMON",
"id": "CVE-2022-24372"
},
{
"date": "2023-07-31T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2022-008819"
},
{
"date": "2022-04-27T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202204-4521"
},
{
"date": "2022-04-27T18:15:07.787000",
"db": "NVD",
"id": "CVE-2022-24372"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-05-13T00:00:00",
"db": "CNVD",
"id": "CNVD-2022-36962"
},
{
"date": "2022-04-29T00:00:00",
"db": "VULMON",
"id": "CVE-2022-24372"
},
{
"date": "2023-07-31T08:21:00",
"db": "JVNDB",
"id": "JVNDB-2022-008819"
},
{
"date": "2022-05-10T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202204-4521"
},
{
"date": "2024-11-21T06:50:17.107000",
"db": "NVD",
"id": "CVE-2022-24372"
}
]
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Linksys MR9600 Post Link Vulnerability",
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-36962"
},
{
"db": "CNNVD",
"id": "CNNVD-202204-4521"
}
],
"trust": 1.2
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "post link",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202204-4521"
}
],
"trust": 0.6
}
}