Impact
RadiX AX6600 WiFi 6 Tri‑Band Gaming Router contains an OS command injection flaw that allows a user authenticated as a web console administrator to inject arbitrary shell commands. This weakness, classified as CWE‑78, can result in full root‑privileged execution on the device, compromising confidentiality, integrity, and availability of the router and any networks it serves. The attacker can gain persistent control of the router, modify network traffic, or pivot to other devices on the internal network.
Affected Systems
MSI RadiX AX6600 WiFi 6 Tri‑Band Gaming Router is affected. No specific firmware version is listed in the advisory, so all released firmware iterations may be vulnerable until a patch is available.
Risk and Exploitability
With a CVSS score of 8.6 and an EPSS score of 2%, the vulnerability is considered high‑risk and has a moderate probability of exploitation. The advisory does not list this CVE in CISA’s KEV catalog, but the OS command injection can be triggered remotely via the web console, and only users with administrator credentials can exploit it. Because the attack requires legitimate admin access, the threat remains largely internal or originates from compromised local users.
OpenCVE Enrichment