CVE-2026-25603
published 2026-02-24CVE-2026-25603: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Linksys MR9600, Linksys MX4200 allows that contents of a USB…
medium6.6CVSS 3.1
AVPACLPRNUIRSUCHIHAH
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Linksys MR9600, Linksys MX4200 allows that contents of a USB drive partition can be mounted in an arbitrary location of the file system. This may result in the execution of shell scripts in the context of a root user.This issue affects MR9600: 1.0.4.205530; MX4200: 1.0.13.210200.
Affected
4 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| linksys | mr9600 | — | — |
| linksys | mr9600_firmware | — | — |
| linksys | mx4200 | — | — |
| linksys | mx4200_firmware | — | — |