CVE-2026-25603 - Vulnerability Details

- Path Traversal vulnerability in Linksys MR9600, Linksys MX4200

Description

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Linksys MR9600, Linksys MX4200 allows that contents of a USB drive partition can be mounted in an arbitrary location of the file system. This may result in the execution of shell scripts in the context of a root user.This issue affects MR9600: 1.0.4.205530; MX4200: 1.0.13.210200.

Published: 2026-02-24

Score: 6.6 Medium

EPSS: < 1% Very Low

KEV: No

Impact:

Action:

Analysis

Impact

The vulnerability is a classic path traversal flaw that allows a local user to mount the contents of a USB drive partition to any directory within the router’s filesystem. If an attacker successfully mounts the drive in a directory containing executable scripts, these scripts can be run with root privileges, effectively allowing the attacker to take full control of the device. The weakness cited is CWE‑22, and the impact is confined to the device’s firmware and the operations it performs.

Affected Systems

Linksys MR9600 (firmware 1.0.4.205530) and Linksys MX4200 (firmware 1.0.13.210200) are affected. These models expose the flaw through their USB drive mounting functionality.

Risk and Exploitability

The CVSS score of 6.6 reflects a moderate severity, but the EPSS score of less than 1% indicates a very low likelihood of exploitation at present. The vulnerability is not listed in the CISA KEV catalog. The likely attack vector is a trusted user inserting a USB drive containing a crafted partition; thus it requires local access or physical possession of the device.

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor Product Default status Versions

Linksys

MR9600

affected

Version	Status	Constraints
`1.0.4.205530`	affected	—

Linksys

MX4200

unaffected

Version	Status	Constraints
`1.0.13.210200`	affected	—

Configuration 1 [-]

AND

cpe:2.3:o:linksys:mr9600_firmware:1.0.4.205530:*:*:*:*:*:*:*

cpe:2.3:h:linksys:mr9600:-:*:*:*:*:*:*:*

Configuration 2 [-]

AND

cpe:2.3:o:linksys:mx4200_firmware:1.0.4.205530:*:*:*:*:*:*:*

cpe:2.3:h:linksys:mx4200:-:*:*:*:*:*:*:*

No data.

Vendor Product Confidence Versions

Linksys

Mr9600

100%

Version	Status	Scheme	Platform
`1.0.4.205530`	affected	generic	—

Linksys

Mx4200

100%

Version	Status	Scheme	Platform
`1.0.13.210200`	affected	generic	—

Found an issue or want to improve our Enrichment? You can suggest it directly by opening an issue on our dedicated GitHub repository .

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

Apply the latest firmware update for the Linksys MR9600 and MX4200 that eliminates the path traversal flaw.
Disable or restrict the USB drive mounting feature to prevent arbitrary filesystem access.
Configure the router to block execution of scripts from external media or limit root‑level privileges on mounted volumes.

Generated by OpenCVE AI on April 17, 2026 at 15:42 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

No CVSS v4.0

Attack Vector Physical

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction Required

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.0004.

Exploitation none

Automatable no

Technical Impact total

References

Link	Providers
https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2025-001.txt

History

Thu, 26 Feb 2026 18:15:00 +0000

Type	Values Removed	Values Added
First Time appeared		Linksys mr9600 Firmware Linksys mx4200 Firmware
CPEs		cpe:2.3:h:linksys:mr9600:-:::::::* cpe:2.3:h:linksys:mx4200:-:::::::* cpe:2.3:o:linksys:mr9600_firmware:1.0.4.205530:::::::* cpe:2.3:o:linksys:mx4200_firmware:1.0.4.205530:::::::*
Vendors & Products		Linksys mr9600 Firmware Linksys mx4200 Firmware

Wed, 25 Feb 2026 14:15:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}`

Wed, 25 Feb 2026 12:00:00 +0000

Type	Values Removed	Values Added
First Time appeared		Linksys Linksys mr9600 Linksys mx4200
Vendors & Products		Linksys Linksys mr9600 Linksys mx4200

Tue, 24 Feb 2026 19:30:00 +0000

Type	Values Removed	Values Added
Metrics		cvssV3_1 `{'score': 6.6, 'vector': 'CVSS:3.1/AV:P/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H'}`

Tue, 24 Feb 2026 18:00:00 +0000

Type	Values Removed	Values Added
Description		Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Linksys MR9600, Linksys MX4200 allows that contents of a USB drive partition can be mounted in an arbitrary location of the file system. This may result in the execution of shell scripts in the context of a root user.This issue affects MR9600: 1.0.4.205530; MX4200: 1.0.13.210200.
Title		Path Traversal vulnerability in Linksys MR9600, Linksys MX4200
Weaknesses		CWE-22
References		https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2025-001.txt

Subscriptions

Linksys Mr9600 Mr9600 Firmware Mx4200 Mx4200 Firmware

MITRE

Status: PUBLISHED

Assigner: ENISA

Published: 2026-02-24T17:14:36.141Z

Updated: 2026-02-24T18:13:33.449Z

Reserved: 2026-02-03T07:24:49.548Z

Link: CVE-2026-25603

Vulnrichment

Updated: 2026-02-24T18:11:40.771Z

NVD

Status : Analyzed

Published: 2026-02-24T18:29:33.167

Modified: 2026-02-26T18:10:54.523

Link: CVE-2026-25603

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-17T15:45:15Z

Weaknesses

CWE-22

Impact

Affected Systems

Risk and Exploitability

Tracking

Attack Vector Physical

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction Required

Exploitation none

Automatable no

Technical Impact total

Subscriptions

JSON object

JSON object

JSON object

JSON object

JSON object