Skip to main content

RadiX AX6600 Router EUVDEUVD-2026-37553

| CVE-2026-53876 HIGH
OS Command Injection (CWE-78)
2026-06-17 jpcert
7.2
CVSS 3.0 · Vendor: jpcert
Share

Severity by source

Vendor (jpcert) PRIMARY
7.2 HIGH
AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
vuln.today AI
7.2 HIGH

Web console is network-reachable (AV:N) and injection is straightforward once authenticated (AC:L), but administrator login is required (PR:H); root execution yields full C/I/A impact on the device only (S:U).

3.1 AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
4.0 AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Primary rating from Vendor (jpcert).

CVSS VectorVendor: jpcert

CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Attack Vector
Network
Attack Complexity
Low
Privileges Required
High
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

1
Analysis Generated
Jun 17, 2026 - 06:20 vuln.today

DescriptionCVE.org

RadiX AX6600 WiFi 6 Tri-Band Gaming Router contains an OS command injection vulnerability, which may lead to arbitrary command execution with the root privilege by a user who logs in to the web console as an administrator.

AnalysisAI

Authenticated OS command injection in MSI RadiX AX6600 WiFi 6 Tri-Band Gaming Router lets an administrator of the web console execute arbitrary operating system commands as root. The flaw was reported through JPCERT/JVN (JVN20769211) and carries a CVSS 3.0 score of 7.2; no public exploit identified at time of analysis and the issue is not listed in CISA KEV.

Unlock full vulnerability intelligence

  • Risk assessment & exploitation conditions
  • Attack chain visualization
  • Remediation with exact patch versions
  • Threat intelligence from 22 sources
  • Personal watchlist & email alerts

Free forever · No credit card required

Attack ChainAIDerived

Hypothetical attack flow derived from CVE metadata

Access
Reach router web console on LAN/WAN
Delivery
Obtain admin credentials (default/weak/reused/phished)
Exploit
Authenticate to RadiX AX6600 web UI
Execution
Inject shell metacharacters into vulnerable management parameter
Persist
Command executes as root on embedded Linux
Impact
Install persistence or pivot into LAN

Vulnerability AssessmentAI

Exploitation Exploitation requires the attacker to first authenticate to the RadiX AX6600 web console as an administrator (PR:H), and to reach that console over the network - typically the LAN, unless the user has explicitly enabled WAN-side remote management. … Additional conditions and limiting factors are described in the full assessment.
Risk Assessment The CVSS 3.0 vector AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H reflects network-reachable exploitation but explicitly requires high privileges (administrator login to the web console), which is the dominant risk-limiter and the reason the base score sits at 7.2 rather than near 10. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.
Exploit Scenario An attacker who has obtained administrator credentials (via phishing, credential reuse, default passwords, or a chained pre-auth flaw) logs into the RadiX AX6600 web console and submits a crafted value into a vulnerable management field that gets concatenated into a shell command, appending arbitrary commands with shell metacharacters. The injected payload runs as root, allowing the attacker to install persistent malware on the router, pivot into the LAN, intercept or redirect DNS/HTTP traffic, or enroll the device into a botnet. …
Remediation No vendor-released patch identified at time of analysis in the provided data; check the MSI RadiX AX6600 support page at https://www.msi.com/Networking/RadiX-AX6600-WiFi-6-Tri-Band-Gaming-Router/support and JVN20769211 at https://jvn.jp/en/jp/JVN20769211/ for the fixed firmware version and apply it as soon as it ships. … Detailed patch versions, workarounds, and compensating controls in full report.

Recommended ActionAI

Within 24 hours: Conduct inventory of all MSI RadiX AX6600 routers in production and identify which support critical business functions; restrict web console access to named administrator accounts only. …

Sign in for detailed remediation steps and compensating controls.

Threat intelligence, references, and detailed analysis are available after sign-in.

Share

EUVD-2026-37553 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy