CVE-2026-4558

Name of the Vulnerable Software and Affected Versions Linksys MR9600 version 2.0.6.206937

Description A flaw exists in the Linksys MR9600 firmware. The smartConnectConfigure function within the SmartConnect.lua file is susceptible to operating system command injection. Manipulation of the arguments configApSsid, configApPassphrase, srpLogin, and srpPassword can lead to unauthorized command execution. The issue is remotely exploitable. Reports indicate the exploit has been published and is potentially being used in attacks. The vendor was notified but did not respond.

Recommendations Linksys MR9600 version 2.0.6.206937: At the moment, there is no information about a newer version that contains a fix for this vulnerability.