CVE-2026-4558 | Linksys MR9600 2.0.6.206937 SmartConnect.lua smartConnectConfigure os command injection

A vulnerability was found in Linksys MR9600 2.0.6.206937 and classified as critical. Affected is the function smartConnectConfigure of the file SmartConnect.lua. Executing a manipulation of the argument configApSsid/configApPassphrase/srpLogin/srpPassword can lead to os command injection.

The identification of this vulnerability is CVE-2026-4558. The attack may be launched remotely. Furthermore, there is an exploit available.

The vendor was contacted early about this disclosure but did not respond in any way.

CVE-2026-4558 | Linksys MR9600 2.0.6.206937 SmartConnect.lua smartConnectConfigure os command injection

Post correlati

CVE-2025-14259 | Jihai Jshop MiniProgram Mall System 2.9.0 /index.php/api.html cat_id sql injection

CVE-2024-2655 | Livemesh Elementor Addons Plugin up to 8.3.6 on WordPress Display Name cross site scripting

CVE-2024-35209 | Siemens SINEC Traffic Analyzer up to 1.1 HTTP Method routine (ssa-196737)

CVE-2025-48703 | centos-webpanel CentOS Web Panel up to 0.9.8.864 t_total os command injection