Description
Due to an improperly configured firewall rule, the router will accept any connection on the WAN port with the source port 5222, exposing all services which are normally only accessible through the local network.
This issue affects MR9600: 1.0.4.205530; MX4200: 1.0.13.210200.
Published: 2026-02-25
Score: 7.5 High
EPSS: < 1% Very Low
KEV: No
Impact: Unauthorized Exposure of internal services
Action: Apply Patch
AI Analysis

Impact

An incorrectly configured firewall rule on the router accepts any connection arriving on the WAN port when its source port is 5222, giving access to services that are normally reachable only from the local network. The weakness is one of improper access control and can result in confidential data exposure, unauthorized service use, or further compromise of the local network. The flaw is a classic example of the CWE‑284 “Improper Access Control” problem.

Affected Systems

Linksys MR9600 running firmware version 1.0.4.205530 and Linksys MX4200 running firmware version 1.0.13.210200 are impacted by the vulnerability. Both routers accept traffic from the WAN with source port 5222, bypassing the intended firewall restriction.

Risk and Exploitability

The CVSS score of 7.5 indicates a high-severity condition. However, the EPSS score is below 1 %, which suggests that exploitation is unlikely at present. The vulnerability is not listed in the CISA KEV catalog. An attacker only needs to craft packets with source port 5222 from the external network, so the attack vector is purely network‑based and does not require authentication. Because the exploitation probability is low, the risk is moderate, but the impact should be treated seriously because the exposure allows direct interaction with otherwise protected services.

Generated by OpenCVE AI on April 18, 2026 at 10:39 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Update MR9600 to firmware that fixes the firewall rule as released by Linksys
  • Update MX4200 to firmware that corrects the firewall configuration
  • Configure the router to block incoming traffic on source port 5222 from the WAN interface as a temporary measure until the firmware update is applied

Advisories

No advisories yet.

History

Sat, 18 Apr 2026 11:00:00 +0000

Type | Values Removed | Values Added
Weaknesses | | CWE-284

Thu, 26 Feb 2026 13:30:00 +0000

Type | Values Removed | Values Added
First Time appeared | | Linksys; Linksys mr9600; Linksys mx4200
Vendors & Products | | Linksys; Linksys mr9600; Linksys mx4200

Wed, 25 Feb 2026 20:30:00 +0000

Type | Values Removed | Values Added
Metrics | | cvssV3_1 {'score': 7.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N'}

Wed, 25 Feb 2026 17:30:00 +0000

Type | Values Removed | Values Added
Description | | Due to an improperly configured firewall rule, the router will accept any connection on the WAN port with the source port 5222, exposing all services which are normally only accessible through the local network. This issue affects MR9600: 1.0.4.205530; MX4200: 1.0.13.210200.
Title | | Improper verification in Linksys MR9600, Linksys MX4200
References | |

MITRE

Status: PUBLISHED

Assigner: ENISA

Published:

Updated: 2026-02-25T19:11:29.416Z

Reserved: 2026-02-24T07:07:48.974Z

Link: CVE-2026-27850

Vulnrichment

No data.

NVD

Status: Deferred

Published: 2026-02-25T18:23:41.350

Modified: 2026-04-15T00:35:42.020

Link: CVE-2026-27850

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-18T10:45:43Z
