CVE-2026-6992
🟡 Monitoruj
Wstrzyknięcie poleceń w Linksys MR9600 umożliwia zdalne wykonanie kodu.
CVSS
7.2
EPSS
0.4%
Exploit
poc
Vendor
linksys
Opis źródłowy (NVD)
A vulnerability was identified in Linksys MR9600 2.0.6.206937. This affects the function BTRequestGetSmartConnectStatus of the file /etc/init.d/run_central2.sh of the component JNAP Action Handler. The manipulation of the argument pin leads to os command injection. The attack may be initiated remotely. The exploit is publicly available and might be used. The vendor was contacted early about this disclosure but did not respond in any way.
exploit rce
Brak patcha
Źródła i daty
| Źródło | Wartość |
|---|---|
| NVD – CVSS | 7.2 |
| CISA KEV (aktywnie wykorzystywane) | Nie |
| FIRST EPSS (prawdopodobieństwo exploita) | 0.4% |
| Opublikowano (NVD) | 2026-04-25 18:16:19 UTC |
| Ostatnia modyfikacja (NVD) | 2026-04-30 14:09:56 UTC |
Referencje
- https://github.com/utmost3/cve/issues/2 (cna@vuldb.com) [Exploit, Third Party Advisory, Issue Tracking]
- https://vuldb.com/submit/797086 (cna@vuldb.com) [Third Party Advisory, VDB Entry]
- https://vuldb.com/vuln/359544 (cna@vuldb.com) [Third Party Advisory, VDB Entry]
- https://vuldb.com/vuln/359544/cti (cna@vuldb.com) [Permissions Required, VDB Entry]
- https://www.linksys.com/ (cna@vuldb.com) [Product]