CVE-2026-6992

Name of the Vulnerable Software and Affected Versions Linksys MR9600 version 2.0.6.206937

Description An OS command injection issue exists in the JNAP Action Handler component. The BTRequestGetSmartConnectStatus() function within the /etc/init.d/run central2.sh file fails to neutralize special elements in the pin argument. This allows a remote attacker to execute arbitrary code on the device.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.