Linksys Mx4200
6 CVEs affecting Linksys Mx4200. Latest disclosed: 2026-02-25. Critical: 0, High: 0.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
CVE-2026-27850 | | 2026-02-25 | Due to an improperly configured firewall rule, the router will accept any connection on the WAN port with the source port 5222, exposing all services which are… | |
CVE-2026-27849 | | 2026-02-25 | Due to missing neutralization of special elements, OS commands can be injected via the update functionality of a TLS-SRP connection, which is normally used for… | |
CVE-2026-27848 | | 2026-02-25 | Due to missing neutralization of special elements, OS commands can be injected via the handshake of a TLS-SRP connection, which are ultimately run as the root… | |
CVE-2026-27847 | | 2026-02-25 | Due to improper neutralization of special elements, SQL statements can be injected via the handshake of a TLS-SRP connection. This can be used to inject known… | |
CVE-2026-27846 | | 2026-02-25 | Due to missing authentication, a user with physical access to the device can misuse the mesh functionality for adding a new mesh device to the network to gain… | |
CVE-2026-25603 | | 2026-02-24 | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Linksys MR9600, Linksys MX4200 allows that contents of a USB dr… |