CVE-2026-27850

HIGH

Linksys MR9600 1.0.4.205530 and MX4200 1.0.13.210200 - Unauthenticated Service Exposure via WAN Port 5222

Title source: llm
STIX 2.1

Description

Due to an improperly configured firewall rule, the router will accept any connection on the WAN port with the source port 5222, exposing all services which are normally only accessible through the local network. This issue affects MR9600: 1.0.4.205530; MX4200: 1.0.13.210200.

References (1)

Core 1
Core References
Various Sources third-party-advisory technical-description
https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2025-014.txt

Scores

CVSS v3 7.5
EPSS 0.0005
EPSS Percentile 14.3%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

CISA SSVC

Vulnrichment
Exploitation poc
Automatable yes
Technical Impact partial

Details

Status published
Products (2)
Linksys/MR9600 1.0.4.205530
Linksys/MX4200 1.0.13.210200
Published Feb 25, 2026
Tracked Since Feb 26, 2026