CVE-2026-4558 — HIGH (8.8) — White Hats Nepal

Vulnerability Description

A flaw has been found in Linksys MR9600 2.0.6.206937. Affected is the function smartConnectConfigure of the file SmartConnect.lua. Executing a manipulation of the argument configApSsid/configApPassphrase/srpLogin/srpPassword can lead to os command injection. The attack may be launched remotely. The exploit has been published and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

CVSS Score

8.8

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

HIGH

Availability

HIGH

Affected Products

Vendor	Product	Versions
Linksys	Mr9600 Firmware	2.0.6.206937
Linksys	Mr9600	-

Related Weaknesses (CWE)

CWE-78 CWE-77

References

https://github.com/utmost3/cve/issues/1ExploitThird Party AdvisoryIssue Tracking
https://vuldb.com/?ctiid.352385Permissions RequiredVDB Entry
https://vuldb.com/?id.352385Third Party AdvisoryVDB Entry
https://vuldb.com/?submit.775036Third Party AdvisoryVDB Entry
https://www.linksys.com/Product

FAQ

What is CVE-2026-4558?

CVE-2026-4558 is a vulnerability with a CVSS score of 8.8 (HIGH). A flaw has been found in Linksys MR9600 2.0.6.206937. Affected is the function smartConnectConfigure of the file SmartConnect.lua. Executing a manipulation of the argument configApSsid/configApPassphr...

How severe is CVE-2026-4558?

CVE-2026-4558 has been rated HIGH with a CVSS base score of 8.8/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2026-4558?

Check the references section above for vendor advisories and patch information. Affected products include: Linksys Mr9600 Firmware, Linksys Mr9600.