CVE-2026-27847
CRITICAL
MR9600 1.0.4.205530/MX4200 1.0.13.210200 - SQL Injection
Title source: llmDescription
Due to improper neutralization of special elements, SQL statements can be injected via the handshake of a TLS-SRP connection. This can be used to inject known credentials into the database that can be utilized to successfully complete the handshake and use the protected service. This issue affects MR9600: 1.0.4.205530; MX4200: 1.0.13.210200.
References (1)
Core References
Various Sources (third-party-advisory, technical-description): https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2025-009.txt
Scores
CVSS v3: 9.8
EPSS: 0.0007
EPSS Percentile: 21.7%
Attack Vector: NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CISA SSVC
Vulnrichment
Exploitation: poc
Automatable: yes
Technical Impact: total
Details
CWE: CWE-89
Status: published
Products (2)
Linksys/MR9600: 1.0.4.205530
Linksys/MX4200: 1.0.13.210200
Published: Feb 25, 2026
Tracked Since: Feb 25, 2026