CVE-2026-25603

{"id": "CVE-2026-25603", "cveTags": [], "metrics": {"ssvcV203": [{"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "ssvcData": {"id": "CVE-2026-25603", "role": "CISA Coordinator", "options": [{"exploitation": "none"}, {"automatable": "no"}, {"technicalImpact": "total"}], "version": "2.0.3", "timestamp": "2026-02-24T18:11:45.463586Z"}}], "cvssMetricV31": [{"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.6, "attackVector": "PHYSICAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 0.7}]}, "affected": [{"source": "a6d3dc9e-0591-4a13-bce7-0f5b31ff6158", "affectedData": [{"vendor": "Linksys", "product": "MR9600", "versions": [{"status": "affected", "version": "1.0.4.205530"}], "defaultStatus": "affected"}, {"vendor": "Linksys", "product": "MX4200", "versions": [{"status": "affected", "version": "1.0.13.210200"}], "defaultStatus": "unaffected"}]}], "published": "2026-02-24T18:29:33.167", "references": [{"url": "https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2025-001.txt", "tags": ["Exploit", "Third Party Advisory"], "source": "a6d3dc9e-0591-4a13-bce7-0f5b31ff6158"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Secondary", "source": "a6d3dc9e-0591-4a13-bce7-0f5b31ff6158", "description": [{"lang": "en", "value": "CWE-22"}]}], "descriptions": [{"lang": "en", "value": "Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Linksys MR9600, Linksys MX4200 allows that\u00a0contents of a USB drive partition can be mounted in an arbitrary location of the file system. This may result in the execution of shell scripts in the context of a root user.This issue affects MR9600: 1.0.4.205530; MX4200: 1.0.13.210200."}, {"lang": "es", "value": "Vulnerabilidad de Limitaci\u00f3n Inadecuada de un Nombre de Ruta a un Directorio Restringido ('Salto de Ruta') en Linksys MR9600, Linksys MX4200 permite que el contenido de una partici\u00f3n de unidad USB pueda montarse en una ubicaci\u00f3n arbitraria del sistema de archivos. Esto puede resultar en la ejecuci\u00f3n de scripts de shell en el contexto de un usuario root. Este problema afecta a MR9600: 1.0.4.205530; MX4200: 1.0.13.210200."}], "lastModified": "2026-06-17T10:24:56.207", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:linksys:mr9600_firmware:1.0.4.205530:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "53E39864-0A63-4188-A91B-CA024C56237C"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:linksys:mr9600:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "EEF496D6-F5A4-4859-9BAC-016EB64A701C"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:linksys:mx4200_firmware:1.0.4.205530:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "7885670B-8DCF-42F3-8644-B6F240D5E84B"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:linksys:mx4200:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "9D53D1E6-E087-4837-A2A4-3512644E3DC2"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "a6d3dc9e-0591-4a13-bce7-0f5b31ff6158"}