Linksys Mr9600
8 CVEs affecting Linksys Mr9600. Latest disclosed: 2026-04-25. Critical: 0, High: 2.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
CVE-2026-4558 | High | 8.8 | 2026-03-22 | A flaw has been found in Linksys MR9600 2.0.6.206937. Affected is the function smartConnectConfigure of the file SmartConnect.lua. Executing a manipulation of… |
CVE-2026-6992 | High | 7.2 | 2026-04-25 | A vulnerability was identified in Linksys MR9600 2.0.6.206937. This affects the function BTRequestGetSmartConnectStatus of the file /etc/init.d/run_central2.sh… |
CVE-2026-27850 | | 2026-02-25 | Due to an improperly configured firewall rule, the router will accept any connection on the WAN port with the source port 5222, exposing all services which are… | |
CVE-2026-27849 | | 2026-02-25 | Due to missing neutralization of special elements, OS commands can be injected via the update functionality of a TLS-SRP connection, which is normally used for… | |
CVE-2026-27848 | | 2026-02-25 | Due to missing neutralization of special elements, OS commands can be injected via the handshake of a TLS-SRP connection, which are ultimately run as the root… | |
CVE-2026-27847 | | 2026-02-25 | Due to improper neutralization of special elements, SQL statements can be injected via the handshake of a TLS-SRP connection. This can be used to inject known… | |
CVE-2026-27846 | | 2026-02-25 | Due to missing authentication, a user with physical access to the device can misuse the mesh functionality for adding a new mesh device to the network to gain… | |
CVE-2026-25603 | | 2026-02-24 | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Linksys MR9600, Linksys MX4200 allows that contents of a USB dr… |