CVE 8.6 HIGH

Linksys MR9600 JNAP Action run_central2.sh BTRequestGetSmartConnectStatus os command injection_CVE-2026-6992

April 25, 2026 invoker category_cve

8.6 / 10

HIGH

CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P

Description

A vulnerability was identified in Linksys MR9600 2.0.6.206937. This affects the function BTRequestGetSmartConnectStatus of the file /etc/init.d/run_central2.sh of the component JNAP Action Handler. The manipulation of the argument pin leads to os command injection. The attack may be initiated remotely. The exploit is publicly available and might be used. The vendor was contacted early about this disclosure but did not respond in any way.

AI Analysis

OS command injection vulnerability in Linksys MR9600 via the BTRequestGetSmartConnectStatus function

Basic Information

ID CVE-2026-6992

Source VulDB

Published Apr 25, 2026 at 18:00

Affected Product

Vendor Linksys

Product MR9600

Version 2.0.6.206937

Affected Versions Linksys MR9600 2.0.6.206937

CWE Classification

CWE-78 CWE-77

AI Assessment

AI Score 8.6 / 10

AI Severity High

Vendor Linksys

Product MR9600

Version 2.0.6.206937

References

{
    "lastseen": "",
    "description": "A vulnerability was identified in Linksys MR9600 2.0.6.206937. This affects the function BTRequestGetSmartConnectStatus of the file /etc/init.d/run_central2.sh of the component JNAP Action Handler. The manipulation of the argument pin leads to os command injection. The attack may be initiated remotely. The exploit is publicly available and might be used. The vendor was contacted early about this disclosure but did not respond in any way.",
    "published": "2026-04-25T18:00:20.422Z",
    "modified": "2026-04-25T18:00:20.422Z",
    "type": "cve",
    "title": "Linksys MR9600 JNAP Action run_central2.sh BTRequestGetSmartConnectStatus os command injection",
    "source": "VulDB",
    "references": "https://vuldb.com/vuln/359544\nhttps://vuldb.com/vuln/359544/cti\nhttps://vuldb.com/submit/797086\nhttps://github.com/utmost3/cve/issues/2\nhttps://www.linksys.com/",
    "id": "CVE-2026-6992",
    "bulletinFamily": "",
    "cwe": [
        "CWE-78",
        "CWE-77"
    ],
    "cvelist": null,
    "sourceData": "Linksys MR9600 2.0.6.206937",
    "sourceHref": "",
    "cvss": {
        "score": 8.6,
        "severity": "HIGH",
        "vector": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P",
        "version": "4.0"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "MR9600",
    "version": "2.0.6.206937",
    "vendor": "Linksys",
    "ai_description": "OS command injection vulnerability in Linksys MR9600 via the BTRequestGetSmartConnectStatus function",
    "ai_severity": "High",
    "ai_vendor": "Linksys",
    "ai_product": "MR9600",
    "ai_version": "2.0.6.206937",
    "ai_score": 8.6
}

💭 Join the Security Discussion ❌ Cancel Reply