Linksys Mr9600 Firmware vulnerabilities

CVE-2026-25603 [MEDIUM] CWE-22 CVE-2026-25603: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Link Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Linksys MR9600, Linksys MX4200 allows that contents of a USB drive partition can be mounted in an arbitrary location of the file system. This may result in the execution of shell scripts in the context of a root user.This issue affects MR9600: 1.0.4.205530

CVE-2022-24372 [MEDIUM] CWE-59 CVE-2022-24372: Linksys MR9600 devices before 2.0.5 allow attackers to read arbitrary files via a symbolic link to t Linksys MR9600 devices before 2.0.5 allow attackers to read arbitrary files via a symbolic link to the root directory of a NAS SMB share.