CVE-2026-27850

Summary

Due to an improperly configured firewall rule, the router will accept any connection on the WAN port with the source port 5222, exposing all services which are normally only accessible through the local network. This issue affects MR9600: 1.0.4.205530; MX4200: 1.0.13.210200.

Affected Software

VendorProductVersion RangeStatus
LinksysMR96001.0.4.205530affected
LinksysMX42001.0.13.210200affected

Weaknesses

  • cwe-940 Improper Verification of Source of a Communication Channel

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: poc
    • Automatable: yes
    • Technical Impact: partial

References