Lucene search
K

25 matches found

RedhatCVE
RedhatCVE
added 2026/02/25 10:19 p.m.6 views

CVE-2026-25603

Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability in Linksys MR9600, Linksys MX4200 allows that contents of a USB drive partition can be mounted in an arbitrary location of the file system. This may result in the execution of shell scripts in the context o...

6.6CVSS5.7AI score0.00256EPSS
Exploits1References1
Cvelist
Cvelist
added 2026/02/25 4:58 p.m.25 views

CVE-2026-27850 Improper verification in Linksys MR9600, Linksys MX4200

Due to an improperly configured firewall rule, the router will accept any connection on the WAN port with the source port 5222, exposing all services which are normally only accessible through the local network. This issue affects MR9600: 1.0.4.205530; MX4200: 1.0.13.210200...

0.00245EPSS
Exploits0References1
CVE
CVE
added 2026/02/25 4:58 p.m.16 views

CVE-2026-27850

The CVE-2026-27850 issue is a misconfigured firewall rule on Linksys MR9600 and MX4200 routers that causes the WAN port to accept connections from source port 5222, exposing services normally restricted to the LAN. Affected versions are MR9600 1.0.4.205530 and MX4200 1.0.13.210200. The exposure c...

7.5CVSS5.4AI score0.00245EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/02/25 4:20 p.m.24 views

CVE-2026-27849 Missing neutralization in Linksys MR9600, Linksys MX4200

Due to missing neutralization of special elements, OS commands can be injected via the update functionality of a TLS-SRP connection, which is normally used for configuring devices inside the mesh network. This issue affects MR9600: 1.0.4.205530; MX4200: 1.0.13.210200...

0.00314EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/02/25 4:20 p.m.3 views

CVE-2026-27849 Missing neutralization in Linksys MR9600, Linksys MX4200

Due to missing neutralization of special elements, OS commands can be injected via the update functionality of a TLS-SRP connection, which is normally used for configuring devices inside the mesh network. This issue affects MR9600: 1.0.4.205530; MX4200: 1.0.13.210200...

5.5AI score0.00314EPSS
Exploits0References1
CVE
CVE
added 2026/02/25 4:20 p.m.22 views

CVE-2026-27849

CVE-2026-27849 affects Linksys MR9600 (1.0.4.205530) and Linksys MX4200 (1.0.13.210200). Root cause is missing neutralization of special elements, allowing OS command injection through the update path of a TLS-SRP connection used for mesh-network configuration. CVSSv3.1 base score 9.8 (CRITICAL) ...

9.8CVSS5.5AI score0.00314EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/02/25 3:15 p.m.35 views

CVE-2026-27848 Missing neutralization in Linksys MR9600, Linksys MX4200

Due to missing neutralization of special elements, OS commands can be injected via the handshake of a TLS-SRP connection, which are ultimately run as the root user. This issue affects MR9600: 1.0.4.205530; MX4200: 1.0.13.210200...

0.0032EPSS
Exploits0References1
CVE
CVE
added 2026/02/25 3:15 p.m.12 views

CVE-2026-27848

CVE-2026-27848 affects Linksys MR9600 (1.0.4.205530) and MX4200 (1.0.13.210200). Root cause: missing neutralization of special elements allows OS command injection via the TLS-SRP handshake, with commands executed as root. Some connected sources indicate a PoC/exploitation possibility, but no in-...

9.8CVSS5.5AI score0.0032EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/02/25 3:10 p.m.31 views

CVE-2026-27847 Missing authentication in Linksys MR9600, Linksys MX4200

Due to improper neutralization of special elements, SQL statements can be injected via the handshake of a TLS-SRP connection. This can be used to inject known credentials into the database that can be utilized to successfully complete the handshake and use the protected service. This issue affect...

0.0032EPSS
Exploits0References1
CVE
CVE
added 2026/02/25 3:10 p.m.15 views

CVE-2026-27847

Summary: CVE-2026-27847 affects Linksys MR9600 (version 1.0.4.205530) and Linksys MX4200 (version 1.0.13.210200). The issue arises from improper neutralization of special elements, enabling SQL injection during the TLS-SRP handshake. Attackers could inject known credentials into the database and ...

9.8CVSS5.7AI score0.0032EPSS
Exploits0References1
CVE
CVE
added 2026/02/25 3:3 p.m.15 views

CVE-2026-27846

The CVE-2026-27846 entry involves missing authentication that allows a user with physical access to a Linksys MR9600 (firmware 1.0.4.205530) or MX4200 (firmware 1.0.13.210200) to misuse the mesh functionality and potentially access sensitive information, including the admin web interface password...

6.2CVSS5.2AI score0.00138EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/02/25 3:3 p.m.24 views

CVE-2026-27846 Missing authentication in Linksys MR9600, Linksys MX4200

Due to missing authentication, a user with physical access to the device can misuse the mesh functionality for adding a new mesh device to the network to gain access to sensitive information, including the password for admin access to the web interface and the Wi-Fi passwords.This issue affects...

0.00138EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/02/25 12:0 a.m.13 views

Linksys MR9600和Linksys MX4200 安全漏洞

The Linksys MR9600 and Linksys MX4200 are both products of the American company Linksys. The Linksys MR9600 is a wireless router. The Linksys MX4200 is a mesh network router. Both the Linksys MR9600 version 1.0.4.205530 and the Linksys MX4200 version 1.0.13.210200 have security vulnerabilities...

9.8CVSS5.9AI score0.0032EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/02/25 12:0 a.m.8 views

Linksys MR9600和Linksys MX4200 安全漏洞

The Linksys MR9600 and Linksys MX4200 are both products of the American company Linksys. The Linksys MR9600 is a wireless router. The Linksys MX4200 is a mesh network router. Both the Linksys MR9600 version 1.0.4.205530 and the Linksys MX4200 version 1.0.13.210200 have security vulnerabilities...

7.5CVSS5.8AI score0.00245EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/02/25 12:0 a.m.8 views

Linksys MR9600 安全漏洞

The Linksys MR9600 is a wireless router produced by the American company Linksys. Both the Linksys MR9600 version 1.0.4.205530 and the Linksys MX4200 version 1.0.13.210200 have security vulnerabilities. These vulnerabilities stem from the lack of authentication, which may lead to the disclosure o...

6.2CVSS5.8AI score0.00138EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/02/25 12:0 a.m.10 views

Linksys MR9600和Linksys MX4200 安全漏洞

The Linksys MR9600 and Linksys MX4200 are both products of the American company Linksys. The Linksys MR9600 is a wireless router. The Linksys MX4200 is a mesh network router. Both the Linksys MR9600 version 1.0.4.205530 and the Linksys MX4200 version 1.0.13.210200 have security vulnerabilities...

9.8CVSS5.9AI score0.00314EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/02/25 12:0 a.m.10 views

Linksys MR9600和Linksys MX4200 安全漏洞

The Linksys MR9600 and Linksys MX4200 are both products of the American company Linksys. The Linksys MR9600 is a wireless router. The Linksys MX4200 is a mesh network router. Both the Linksys MR9600 version 1.0.4.205530 and the Linksys MX4200 version 1.0.13.210200 have security vulnerabilities,...

9.8CVSS5.9AI score0.0032EPSS
Exploits0References2
OSV
OSV
added 2026/02/24 6:29 p.m.6 views

CVE-2026-25603

Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability in Linksys MR9600, Linksys MX4200 allows that contents of a USB drive partition can be mounted in an arbitrary location of the file system. This may result in the execution of shell scripts in the context o...

6.6CVSS6AI score0.00256EPSS
Exploits1References1
NVD
NVD
added 2026/02/24 6:29 p.m.6 views

CVE-2026-25603

Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability in Linksys MR9600, Linksys MX4200 allows that contents of a USB drive partition can be mounted in an arbitrary location of the file system. This may result in the execution of shell scripts in the context o...

6.6CVSS0.00256EPSS
Exploits1References1
ATTACKERKB
ATTACKERKB
added 2026/02/24 5:14 p.m.3 views

CVE-2026-25603

Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability in Linksys MR9600, Linksys MX4200 allows that contents of a USB drive partition can be mounted in an arbitrary location of the file system. This may result in the execution of shell scripts in the context o...

6.6CVSS6.1AI score0.00256EPSS
Exploits1References2Affected Software2
Rows per page
Query Builder