Key Vulnerability Information

Vulnerability ID: SYSS-2025-010
Affected Product: Linksys MR9600, MX4200 (and potentially others)
Affected Version: 1.0.4.205530 for MR9600, 1.0.13.210200 for MX4200 (and potentially others)
Tested Version: 1.0.4.205530 for MR9600, 1.0.13.210200 for MX4200
Vulnerability Type: OS Command Injection (CWE-78)
Risk Level: High
CVE Reference: CVE-2026-27848

Vulnerability Details:
- Due to missing neutralization of special elements, OS commands can be injected via the handshake of a TLS-SRP connection.
- The service appends the SRP username from the handshake to an OS command line without neutralizing special elements, allowing arbitrary OS commands to be executed as the root user without valid credentials.

Proof of Concept (PoC):

Solution: No known solution yet.

Disclosure Timeline:
- Vulnerability Discovered: 2024-11-11
- Public Disclosure: 2026-02-12

Vulnerable Service: sct_server binary running on TCP port 6060
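The pattern behind the Vulnerability Details above, as an added illustration that is not code from the advisory or from the sct_server binary: a username taken from the SRP handshake is spliced into a shell command line (the CWE-78 defect), next to the two fixes a defender would apply, an allow-list on the identity and an execv call that never goes through /bin/sh. The helper name "lookup_user" and the program path are placeholders; the real command sct_server builds is not public.

```c
#include <ctype.h>
#include <stdbool.h>
#include <stdio.h>
#include <string.h>
#include <sys/wait.h>
#include <unistd.h>

/* VULNERABLE pattern (CWE-78): the SRP identity is pasted into a string that
 * is later handed to /bin/sh. The string is only built here, never executed,
 * so the caller can see exactly what the shell would receive: a username such
 * as "alice; id" yields two commands instead of one argument. */
int build_command_unsafe(char *out, size_t outlen, const char *username) {
    /* "lookup_user" is a placeholder for whatever tool the service invokes. */
    return snprintf(out, outlen, "lookup_user %s", username);
}

/* Mitigation 1: allow-list the SRP identity before it touches anything.
 * Only characters a legitimate account name needs are accepted. */
bool srp_username_is_safe(const char *username) {
    size_t n = strlen(username);
    if (n == 0 || n > 64) return false;
    for (size_t i = 0; i < n; i++) {
        unsigned char c = (unsigned char)username[i];
        if (!(isalnum(c) || c == '_' || c == '-' || c == '.' || c == '@'))
            return false;
    }
    return true;
}

/* Mitigation 2: bypass the shell entirely. The username becomes its own argv
 * element, so metacharacters are passed to the program verbatim and cannot
 * start a second command. Returns the child's exit status, or -1 when the
 * username fails validation or the child could not be started. */
int run_lookup_hardened(const char *program, const char *username) {
    if (!srp_username_is_safe(username)) return -1;
    pid_t pid = fork();
    if (pid < 0) return -1;
    if (pid == 0) {
        char *const argv[] = {(char *)program, (char *)username, NULL};
        execv(program, argv);   /* absolute path, no PATH lookup, no shell */
        _exit(127);
    }
    int status = 0;
    if (waitpid(pid, &status, 0) < 0) return -1;
    return WIFEXITED(status) ? WEXITSTATUS(status) : -1;
}
```

Validation alone is a second line of defence; the structural fix is that the shell is never involved, so even a character the allow-list forgot would reach the program as data rather than as syntax.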