CRITICALCVE-2026-27847Published Modified CNA ENISA
CVE-2026-27847: Missing authentication in Linksys MR9600, Linksys MX4200
Due to improper neutralization of special elements, SQL statements can be injected via the handshake of a TLS-SRP connection. This can be used to inject known credentials into the database that can be utilized to successfully complete the handshake and use the protected service. This issue affects MR9600: 1.0.4.205530; MX4200: 1.0.13.210200.
Metrics
- CVSS v3.1
- 9.8
- Severity
- CRITICAL
- Fixed in
- —
- Affected Products
- 2
Affected packages
- Linksys / MR96001.0.4.205530
- Linksys / MX42001.0.13.210200
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HReferences