{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-25603", "assignerOrgId": "a6d3dc9e-0591-4a13-bce7-0f5b31ff6158", "state": "PUBLISHED", "assignerShortName": "ENISA", "dateReserved": "2026-02-03T07:24:49.548Z", "datePublished": "2026-02-24T17:14:36.141Z", "dateUpdated": "2026-02-24T18:13:33.449Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "affected", "product": "MR9600", "vendor": "Linksys", "versions": [{"status": "affected", "version": "1.0.4.205530"}]}, {"defaultStatus": "unaffected", "product": "MX4200", "vendor": "Linksys", "versions": [{"status": "affected", "version": "1.0.13.210200"}]}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Linksys MR9600, Linksys MX4200 allows that&nbsp;contents of a USB drive partition can be mounted in an arbitrary location of the file system. This may result in the execution of shell scripts in the context of a root user.<p>This issue affects MR9600: 1.0.4.205530; MX4200: 1.0.13.210200.</p>"}], "value": "Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Linksys MR9600, Linksys MX4200 allows that\u00a0contents of a USB drive partition can be mounted in an arbitrary location of the file system. This may result in the execution of shell scripts in the context of a root user.This issue affects MR9600: 1.0.4.205530; MX4200: 1.0.13.210200."}], "impacts": [{"capecId": "CAPEC-251", "descriptions": [{"lang": "en", "value": "CAPEC-251 Local Code Inclusion"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-22", "description": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "a6d3dc9e-0591-4a13-bce7-0f5b31ff6158", "shortName": "ENISA", "dateUpdated": "2026-02-24T17:14:36.141Z"}, "references": [{"url": "https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2025-001.txt"}], "source": {"discovery": "UNKNOWN"}, "title": "Path Traversal vulnerability in Linksys MR9600, Linksys MX4200", "x_generator": {"engine": "Vulnogram 0.5.0"}}, "adp": [{"metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.6, "attackVector": "PHYSICAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}}, {"other": {"type": "ssvc", "content": {"timestamp": "2026-02-24T18:11:45.463586Z", "id": "CVE-2026-25603", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-02-24T18:13:33.449Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.6, "attackVector": "PHYSICAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}}, {"other": {"type": "ssvc", "content": {"id": "CVE-2026-25603", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2026-02-24T18:11:45.463586Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-02-24T18:11:40.771Z"}}], "cna": {"title": "Path Traversal vulnerability in Linksys MR9600, Linksys MX4200", "source": {"discovery": "UNKNOWN"}, "impacts": [{"capecId": "CAPEC-251", "descriptions": [{"lang": "en", "value": "CAPEC-251 Local Code Inclusion"}]}], "affected": [{"vendor": "Linksys", "product": "MR9600", "versions": [{"status": "affected", "version": "1.0.4.205530"}], "defaultStatus": "affected"}, {"vendor": "Linksys", "product": "MX4200", "versions": [{"status": "affected", "version": "1.0.13.210200"}], "defaultStatus": "unaffected"}], "references": [{"url": "https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2025-001.txt"}], "x_generator": {"engine": "Vulnogram 0.5.0"}, "descriptions": [{"lang": "en", "value": "Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Linksys MR9600, Linksys MX4200 allows that\u00a0contents of a USB drive partition can be mounted in an arbitrary location of the file system. This may result in the execution of shell scripts in the context of a root user.This issue affects MR9600: 1.0.4.205530; MX4200: 1.0.13.210200.", "supportingMedia": [{"type": "text/html", "value": "Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Linksys MR9600, Linksys MX4200 allows that&nbsp;contents of a USB drive partition can be mounted in an arbitrary location of the file system. This may result in the execution of shell scripts in the context of a root user.<p>This issue affects MR9600: 1.0.4.205530; MX4200: 1.0.13.210200.</p>", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-22", "description": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')"}]}], "providerMetadata": {"orgId": "a6d3dc9e-0591-4a13-bce7-0f5b31ff6158", "shortName": "ENISA", "dateUpdated": "2026-02-24T17:14:36.141Z"}}}, "cveMetadata": {"cveId": "CVE-2026-25603", "state": "PUBLISHED", "dateUpdated": "2026-02-24T18:13:33.449Z", "dateReserved": "2026-02-03T07:24:49.548Z", "assignerOrgId": "a6d3dc9e-0591-4a13-bce7-0f5b31ff6158", "datePublished": "2026-02-24T17:14:36.141Z", "assignerShortName": "ENISA"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:linksys:mr9600_firmware:1.0.4.205530:*:*:*:*:*:*:*", "matchCriteriaId": "53E39864-0A63-4188-A91B-CA024C56237C", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:linksys:mr9600:-:*:*:*:*:*:*:*", "matchCriteriaId": "EEF496D6-F5A4-4859-9BAC-016EB64A701C", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:linksys:mx4200_firmware:1.0.4.205530:*:*:*:*:*:*:*", "matchCriteriaId": "7885670B-8DCF-42F3-8644-B6F240D5E84B", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:linksys:mx4200:-:*:*:*:*:*:*:*", "matchCriteriaId": "9D53D1E6-E087-4837-A2A4-3512644E3DC2", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Linksys MR9600, Linksys MX4200 allows that\u00a0contents of a USB drive partition can be mounted in an arbitrary location of the file system. This may result in the execution of shell scripts in the context of a root user.This issue affects MR9600: 1.0.4.205530; MX4200: 1.0.13.210200."}], "id": "CVE-2026-25603", "lastModified": "2026-02-26T18:10:54.523", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "PHYSICAL", "availabilityImpact": "HIGH", "baseScore": 6.6, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 0.7, "impactScore": 5.9, "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}, "published": "2026-02-24T18:29:33.167", "references": [{"source": "a6d3dc9e-0591-4a13-bce7-0f5b31ff6158", "tags": ["Exploit", "Third Party Advisory"], "url": "https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2025-001.txt"}], "sourceIdentifier": "a6d3dc9e-0591-4a13-bce7-0f5b31ff6158", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-22"}], "source": "a6d3dc9e-0591-4a13-bce7-0f5b31ff6158", "type": "Secondary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "1.0.4.205530"}}], "enrichment": {"confidence": 100.0, "confidence_source": "matching", "scores": [{"score": 100.0, "source": "matching"}]}, "original": {"product": "MR9600", "source": "cna", "vendor": "Linksys"}, "product": "mr9600", "vendor": "linksys"}, {"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "1.0.13.210200"}}], "enrichment": {"confidence": 100.0, "confidence_source": "cna", "scores": [{"score": 100.0, "source": "cna"}]}, "product": "mx4200", "vendor": "linksys"}], "analysis": {"en": {"generated_at": "2026-04-17T15:42:03.074481+00:00", "value": {"mitigation_remediation": ["Apply the latest firmware update for the Linksys MR9600 and MX4200 that eliminates the path traversal flaw.", "Disable or restrict the USB drive mounting feature to prevent arbitrary filesystem access.", "Configure the router to block execution of scripts from external media or limit root\u2011level privileges on mounted volumes."], "summary": {"action": "Immediate Patch", "impact": "Remote Code Execution"}, "threat_synthesis": {"affected_systems": "Linksys MR9600 (firmware 1.0.4.205530) and Linksys MX4200 (firmware 1.0.13.210200) are affected. These models expose the flaw through their USB drive mounting functionality.", "description_and_impact": "The vulnerability is a classic path traversal flaw that allows a local user to mount the contents of a USB drive partition to any directory within the router\u2019s filesystem. If an attacker successfully mounts the drive in a directory containing executable scripts, these scripts can be run with root privileges, effectively allowing the attacker to take full control of the device. The weakness cited is CWE\u201122, and the impact is confined to the device\u2019s firmware and the operations it performs.", "risk_and_exploitability": "The CVSS score of 6.6 reflects a moderate severity, but the EPSS score of less than 1% indicates a very low likelihood of exploitation at present. The vulnerability is not listed in the CISA KEV catalog. The likely attack vector is a trusted user inserting a USB drive containing a crafted partition; thus it requires local access or physical possession of the device."}}}}, "created": "2026-02-25T11:35:51.162236+00:00", "updated": "2026-04-17T15:45:15.906854+00:00", "vendors": ["linksys", "linksys$PRODUCT$mr9600", "linksys$PRODUCT$mx4200"]}