Which versions of Linksys MR9600 are affected by CVE-2026-4558?

Linksys MR9600 mesh router firmware 2.0.6.206937 contains an authenticated command injection vulnerability allowing remote attackers to execute arbitrary system commands with full router privileges.

Is there a public PoC exploit available for CVE-2026-4558?

Yes, a public proof-of-concept exploit is available for CVE-2026-4558. Prioritise patching immediately. EPSS: 0.2%.

How to fix or mitigate CVE-2026-4558?

Within 24 hours: Audit deployed Linksys MR9600 units and confirm firmware version 2.0.6.206937 inventory. Within 7 days: Check Linksys security advisories and firmware update portal for patch availability; if available, schedule firmware updates. If no patch available within 7 days, implement network segregation isolating affected routers to administrative-only access and disable remote management. Within 30 days: Force update to any released patched firmware version; validate through Linksys support channels that a fix is in development; if no patch timeline is provided, evaluate router replacement or mandatory factory reset with access controls.

Linksys MR9600 CVE-2026-4558

Q: What is the CVSS score of CVE-2026-4558?

CVE-2026-4558 has a CVSS 4.0 base score of 7.4 (High). CVSS vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X. EPSS exploitation probability: 0.2%.

EUVD-2026-14333 HIGH

OS Command Injection (CWE-78)

2026-03-22 VulDB

GHSA-c659-rvfg-wgf8

Linksys Command Injection

7.4

CVSS 4.0 · NVD

Severity by source

NVD PRIMARY

7.4 HIGH

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Attack Vector

Network

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Lifecycle Timeline

Analysis Updated

Apr 30, 2026 - 16:43 vuln.today

v2 (cvss_changed)

Re-analysis Queued

Apr 30, 2026 - 16:37 vuln.today

cvss_changed

CVSS changed

Apr 30, 2026 - 16:37 NVD

8.8 (HIGH) 7.4 (HIGH)

PoC Detected

Mar 23, 2026 - 14:31 vuln.today

Public exploit code

EUVD ID Assigned

Mar 22, 2026 - 17:45 euvd

EUVD-2026-14333

Analysis Generated

Mar 22, 2026 - 17:45 vuln.today

CVE Published

Mar 22, 2026 - 17:29 nvd

HIGH 8.8

DescriptionCVE.org

A flaw has been found in Linksys MR9600 2.0.6.206937. Affected is the function smartConnectConfigure of the file SmartConnect.lua. Executing a manipulation of the argument configApSsid/configApPassphrase/srpLogin/srpPassword can lead to os command injection. The attack may be launched remotely. The exploit has been published and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

AnalysisAI

OS command injection in Linksys MR9600 mesh router firmware 2.0.6.206937 allows authenticated remote attackers to execute arbitrary system commands with router privileges via crafted Smart Connect configuration parameters. The vulnerability exists in the SmartConnect.lua file's smartConnectConfigure function, which fails to sanitize user input in configApSsid, configApPassphrase, srpLogin, and srpPassword arguments before passing them to system commands. …

Unlock full vulnerability intelligence

Risk assessment & exploitation conditions
Attack chain visualization
Remediation with exact patch versions
Threat intelligence from 22 sources
Personal watchlist & email alerts

Continue with Google Continue with GitHub

Free forever · No credit card required

Attack ChainAIDerived

Hypothetical attack flow derived from CVE metadata

Recon

Credential acquisition (default/weak passwords)

Delivery

Authenticate to web admin panel

Exploit

Access Smart Connect configuration

Install

Inject shell metacharacters in SSID/passphrase fields

Router executes arbitrary commands as root

Execute

Install persistence backdoor

Impact

Pivot to internal network