CVE-2026-27849
published 2026-02-25CVE-2026-27849: Due to missing neutralization of special elements, OS commands can be injected via the update functionality of a TLS-SRP connection, which is normally used for…
critical9.8CVSS 3.1
AVNACLPRNUINSUCHIHAH
Due to missing neutralization of special elements, OS commands can be injected via the update functionality of a TLS-SRP connection, which is normally used for configuring devices inside the mesh network.
This issue affects MR9600: 1.0.4.205530; MX4200: 1.0.13.210200.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| linksys | mr9600 | — | — |
| linksys | mx4200 | — | — |