CVE-2026-27848
published 2026-02-25CVE-2026-27848: Due to missing neutralization of special elements, OS commands can be injected via the handshake of a TLS-SRP connection, which are ultimately run as the root…
critical9.8CVSS 3.1
AVNACLPRNUINSUCHIHAH
Due to missing neutralization of special elements, OS commands can be injected via the handshake of a TLS-SRP connection, which are ultimately run as the root user.
This issue affects MR9600: 1.0.4.205530; MX4200: 1.0.13.210200.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| linksys | mr9600 | — | — |
| linksys | mx4200 | — | — |