CVEDB API

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2026-25603

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Linksys MR9600, Linksys MX4200 allows that contents of a USB drive partition can be mounted in an arbitrary location of the file system. This may result in the execution of shell scripts in the context of a root user.This issue affects MR9600: 1.0.4.205530; MX4200: 1.0.13.210200.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.0

EPSS Ranking 3.3%

CVSS Severity

CVSS v3 Score 6.6

References

https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2025-001.txt

Products affected by CVE-2026-25603

Linksys » Mr9600 » Version: N/A

cpe:2.3:h:linksys:mr9600:-
Linksys » Mx4200 » Version: N/A

cpe:2.3:h:linksys:mx4200:-
Linksys » Mr9600 Firmware » Version: 1.0.4.205530

cpe:2.3:o:linksys:mr9600_firmware:1.0.4.205530
Linksys » Mx4200 Firmware » Version: 1.0.4.205530

cpe:2.3:o:linksys:mx4200_firmware:1.0.4.205530

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2026-25603

Products

Pricing

Contact Us