A flaw has been found in Linksys MR9600 2.0.6.206937. Affected is the function smartConnectConfigure of the file SmartConnect.lua. Executing a manipulation of the argument configApSsid/configApPassphrase/srpLogin/srpPassword can lead to os command injection. The attack may be launched remotely. The exploit has been published and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
PUBLISHED5.2Operating systemCWE-78CWE-77
Linksys MR9600 SmartConnect.lua smartConnectConfigure os command injection
Problem type
Affected products
Linksys
MR9600
2.0.6.206937 - AFFECTED
References
VDB-352385 | Linksys MR9600 SmartConnect.lua smartConnectConfigure os command injection
https://vuldb.com/?id.352385
VDB-352385 | CTI Indicators (IOB, IOC, TTP, IOA)
https://vuldb.com/?ctiid.352385
Submit #775036 | Linksys MR9600 firmware 2.0.6.206937 OS Command Injection
https://vuldb.com/?submit.775036
github.com
https://github.com/utmost3/cve/issues/1
linksys.com
https://www.linksys.com/
GitHub Security Advisories
GHSA-c659-rvfg-wgf8
A flaw has been found in Linksys MR9600 2.0.6.206937. Affected is the function...
https://github.com/advisories/GHSA-c659-rvfg-wgf8A flaw has been found in Linksys MR9600 2.0.6.206937. Affected is the function smartConnectConfigure of the file SmartConnect.lua. Executing a manipulation of the argument configApSsid/configApPassphrase/srpLogin/srpPassword can lead to os command injection. The attack may be launched remotely. The exploit has been published and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
nvd.nist.gov
https://nvd.nist.gov/vuln/detail/CVE-2026-4558
github.com
https://github.com/utmost3/cve/issues/1
vuldb.com
https://vuldb.com/?ctiid.352385
vuldb.com
https://vuldb.com/?id.352385
vuldb.com
https://vuldb.com/?submit.775036
linksys.com
https://www.linksys.com
github.com
https://github.com/advisories/GHSA-c659-rvfg-wgf8
JSON source
https://cveawg.mitre.org/api/cve/CVE-2026-4558Click to expand
{
"dataType": "CVE_RECORD",
"dataVersion": "5.2",
"cveMetadata": {
"cveId": "CVE-2026-4558",
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"dateUpdated": "2026-03-22T17:29:35.187Z",
"dateReserved": "2026-03-21T20:47:50.172Z",
"datePublished": "2026-03-22T17:29:35.187Z",
"state": "PUBLISHED"
},
"containers": {
"cna": {
"providerMetadata": {
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB",
"dateUpdated": "2026-03-22T17:29:35.187Z"
},
"title": "Linksys MR9600 SmartConnect.lua smartConnectConfigure os command injection",
"descriptions": [
{
"lang": "en",
"value": "A flaw has been found in Linksys MR9600 2.0.6.206937. Affected is the function smartConnectConfigure of the file SmartConnect.lua. Executing a manipulation of the argument configApSsid/configApPassphrase/srpLogin/srpPassword can lead to os command injection. The attack may be launched remotely. The exploit has been published and may be used. The vendor was contacted early about this disclosure but did not respond in any way."
}
],
"affected": [
{
"vendor": "Linksys",
"product": "MR9600",
"cpes": [
"cpe:2.3:o:linksys:mr9600_firmware:*:*:*:*:*:*:*:*"
],
"versions": [
{
"version": "2.0.6.206937",
"status": "affected"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"lang": "en",
"description": "OS Command Injection",
"cweId": "CWE-78",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"lang": "en",
"description": "Command Injection",
"cweId": "CWE-77",
"type": "CWE"
}
]
}
],
"references": [
{
"url": "https://vuldb.com/?id.352385",
"name": "VDB-352385 | Linksys MR9600 SmartConnect.lua smartConnectConfigure os command injection",
"tags": [
"vdb-entry",
"technical-description"
]
},
{
"url": "https://vuldb.com/?ctiid.352385",
"name": "VDB-352385 | CTI Indicators (IOB, IOC, TTP, IOA)",
"tags": [
"signature",
"permissions-required"
]
},
{
"url": "https://vuldb.com/?submit.775036",
"name": "Submit #775036 | Linksys MR9600 firmware 2.0.6.206937 OS Command Injection",
"tags": [
"third-party-advisory"
]
},
{
"url": "https://github.com/utmost3/cve/issues/1",
"tags": [
"exploit",
"issue-tracking"
]
},
{
"url": "https://www.linksys.com/",
"tags": [
"product"
]
}
],
"metrics": [
{},
{
"cvssV3_1": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R",
"baseScore": 8.8,
"baseSeverity": "HIGH"
}
},
{
"cvssV3_0": {
"version": "3.0",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R",
"baseScore": 8.8,
"baseSeverity": "HIGH"
}
},
{
"cvssV2_0": {
"version": "2.0",
"vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C/E:POC/RL:ND/RC:UR",
"baseScore": 9
}
}
],
"timeline": [
{
"time": "2026-03-21T00:00:00.000Z",
"lang": "en",
"value": "Advisory disclosed"
},
{
"time": "2026-03-21T01:00:00.000Z",
"lang": "en",
"value": "VulDB entry created"
},
{
"time": "2026-03-21T21:52:56.000Z",
"lang": "en",
"value": "VulDB entry last update"
}
],
"credits": [
{
"lang": "en",
"value": "wuuu (VulDB User)",
"type": "reporter"
},
{
"lang": "en",
"value": "VulDB",
"type": "coordinator"
}
]
}
}
}