{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-27848", "assignerOrgId": "a6d3dc9e-0591-4a13-bce7-0f5b31ff6158", "state": "PUBLISHED", "assignerShortName": "ENISA", "dateReserved": "2026-02-24T07:07:48.974Z", "datePublished": "2026-02-25T15:15:16.186Z", "dateUpdated": "2026-02-26T16:51:13.433Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "affected", "product": "MR9600", "vendor": "Linksys", "versions": [{"status": "affected", "version": "1.0.4.205530"}]}, {"defaultStatus": "unaffected", "product": "MX4200", "vendor": "Linksys", "versions": [{"status": "affected", "version": "1.0.13.210200"}]}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Due to missing neutralization of special elements, OS commands can be injected via the handshake of a TLS-SRP connection, which are ultimately run as the root user.<br><p>This issue affects MR9600: 1.0.4.205530; MX4200: 1.0.13.210200.</p>"}], "value": "Due to missing neutralization of special elements, OS commands can be injected via the handshake of a TLS-SRP connection, which are ultimately run as the root user.\nThis issue affects MR9600: 1.0.4.205530; MX4200: 1.0.13.210200."}], "problemTypes": [{"descriptions": [{"cweId": "CWE-78", "description": "CWE-78 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "a6d3dc9e-0591-4a13-bce7-0f5b31ff6158", "shortName": "ENISA", "dateUpdated": "2026-02-25T15:15:16.186Z"}, "references": [{"tags": ["third-party-advisory", "technical-description"], "url": "https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2025-010.txt"}], "source": {"discovery": "UNKNOWN"}, "title": "Missing neutralization in Linksys MR9600, Linksys MX4200", "x_generator": {"engine": "Vulnogram 0.5.0"}}, "adp": [{"metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}}, {"other": {"type": "ssvc", "content": {"timestamp": "2026-02-26T16:50:25.890966Z", "id": "CVE-2026-27848", "options": [{"Exploitation": "poc"}, {"Automatable": "yes"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-02-26T16:51:13.433Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}}, {"other": {"type": "ssvc", "content": {"id": "CVE-2026-27848", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "yes"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2026-02-26T16:50:25.890966Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-02-26T16:50:39.948Z"}}], "cna": {"title": "Missing neutralization in Linksys MR9600, Linksys MX4200", "source": {"discovery": "UNKNOWN"}, "affected": [{"vendor": "Linksys", "product": "MR9600", "versions": [{"status": "affected", "version": "1.0.4.205530"}], "defaultStatus": "affected"}, {"vendor": "Linksys", "product": "MX4200", "versions": [{"status": "affected", "version": "1.0.13.210200"}], "defaultStatus": "unaffected"}], "references": [{"url": "https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2025-010.txt", "tags": ["third-party-advisory", "technical-description"]}], "x_generator": {"engine": "Vulnogram 0.5.0"}, "descriptions": [{"lang": "en", "value": "Due to missing neutralization of special elements, OS commands can be injected via the handshake of a TLS-SRP connection, which are ultimately run as the root user.\nThis issue affects MR9600: 1.0.4.205530; MX4200: 1.0.13.210200.", "supportingMedia": [{"type": "text/html", "value": "Due to missing neutralization of special elements, OS commands can be injected via the handshake of a TLS-SRP connection, which are ultimately run as the root user.<br><p>This issue affects MR9600: 1.0.4.205530; MX4200: 1.0.13.210200.</p>", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-78", "description": "CWE-78 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')"}]}], "providerMetadata": {"orgId": "a6d3dc9e-0591-4a13-bce7-0f5b31ff6158", "shortName": "ENISA", "dateUpdated": "2026-02-25T15:15:16.186Z"}}}, "cveMetadata": {"cveId": "CVE-2026-27848", "state": "PUBLISHED", "dateUpdated": "2026-02-26T16:51:13.433Z", "dateReserved": "2026-02-24T07:07:48.974Z", "assignerOrgId": "a6d3dc9e-0591-4a13-bce7-0f5b31ff6158", "datePublished": "2026-02-25T15:15:16.186Z", "assignerShortName": "ENISA"}, "dataVersion": "5.2"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "Due to missing neutralization of special elements, OS commands can be injected via the handshake of a TLS-SRP connection, which are ultimately run as the root user.\nThis issue affects MR9600: 1.0.4.205530; MX4200: 1.0.13.210200."}, {"lang": "es", "value": "Debido a la falta de neutralizaci\u00f3n de elementos especiales, se pueden inyectar comandos del SO a trav\u00e9s del handshake de una conexi\u00f3n TLS-SRP, los cuales se ejecutan finalmente como el usuario root.\nEste problema afecta a MR9600: 1.0.4.205530; MX4200: 1.0.13.210200."}], "id": "CVE-2026-27848", "lastModified": "2026-04-15T00:35:42.020", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}, "published": "2026-02-25T16:23:29.037", "references": [{"source": "a6d3dc9e-0591-4a13-bce7-0f5b31ff6158", "url": "https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2025-010.txt"}], "sourceIdentifier": "a6d3dc9e-0591-4a13-bce7-0f5b31ff6158", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-78"}], "source": "a6d3dc9e-0591-4a13-bce7-0f5b31ff6158", "type": "Secondary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "1.0.4.205530"}}], "enrichment": {"confidence": 100.0, "confidence_source": "matching", "scores": [{"score": 100.0, "source": "matching"}]}, "original": {"product": "MR9600", "source": "cna", "vendor": "Linksys"}, "product": "mr9600", "vendor": "linksys"}, {"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "1.0.13.210200"}}], "enrichment": {"confidence": 100.0, "confidence_source": "matching", "scores": [{"score": 100.0, "source": "matching"}]}, "original": {"product": "MX4200", "source": "cna", "vendor": "Linksys"}, "product": "mx4200", "vendor": "linksys"}], "analysis": {"en": {"generated_at": "2026-04-18T10:42:46.804752+00:00", "value": {"mitigation_remediation": ["Apply the latest firmware update from Linksys that addresses the TLS\u2011SRP command injection flaw.", "If no update is available, disable TLS\u2011SRP or block the port used for TLS\u2011SRP communication on the affected routers.", "Configure network firewall rules to restrict unauthenticated traffic to the routers, ensuring only trusted internal networks can reach the management interface."], "summary": {"action": "Immediate Patch", "impact": "Remote Code Execution"}, "threat_synthesis": {"affected_systems": "Linksys MR9600 firmware version 1.0.4.205530 and Linksys MX4200 firmware version 1.0.13.210200 are listed as vulnerable. These devices are consumer\u2011grade routers used in home or small\u2011office environments; the firmware versions are the only ones mentioned as affected.", "description_and_impact": "This vulnerability arises from a missing neutralization of special elements in the TLS\u2011SRP handshake implementation. The flaw allows an attacker to inject arbitrary operating\u2011system commands that are subsequently executed with root privileges on the device. Because the commands run as root, the attacker could take full control of the device, compromise network traffic, or install persistent malware. The weakness is identified by CWE\u201178, a classic example of command\u2011injection.", "risk_and_exploitability": "The CVSS score of 9.8 signals critical severity, and while the EPSS score is below 1\u202f% indicating a low probability of exploitation, the flaw is reachable over the network and the description does not explicitly state whether authentication is required, so this remains uncertain. The vulnerability is not currently catalogued in CISA\u2019s KEV list, but its remote command execution capability means it is a high\u2011risk finding for any network that can reach the affected routers."}}}}, "created": "2026-02-26T13:15:54.343901+00:00", "updated": "2026-04-18T10:45:43.669525+00:00", "vendors": ["linksys", "linksys$PRODUCT$mr9600", "linksys$PRODUCT$mx4200"]}