4 matches found
CVE-2026-27847
Due to improper neutralization of special elements, SQL statements can be injected via the handshake of a TLS-SRP connection. This can be used to inject known credentials into the database that can be utilized to successfully complete the handshake and use the protected service. This issue affect...
EUVD-2026-8649
Due to improper neutralization of special elements, SQL statements can be injected via the handshake of a TLS-SRP connection. This can be used to inject known credentials into the database that can be utilized to successfully complete the handshake and use the protected service. This issue affect...
CVE-2026-27848 Missing neutralization in Linksys MR9600, Linksys MX4200
Due to missing neutralization of special elements, OS commands can be injected via the handshake of a TLS-SRP connection, which are ultimately run as the root user. This issue affects MR9600: 1.0.4.205530; MX4200: 1.0.13.210200...
CVE-2026-27847
Summary: CVE-2026-27847 affects Linksys MR9600 (version 1.0.4.205530) and Linksys MX4200 (version 1.0.13.210200). The issue arises from improper neutralization of special elements, enabling SQL injection during the TLS-SRP handshake. Attackers could inject known credentials into the database and ...