{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-06-11T13:16:30.616","vulnerabilities":[{"cve":{"id":"CVE-2026-25603","sourceIdentifier":"a6d3dc9e-0591-4a13-bce7-0f5b31ff6158","published":"2026-02-24T18:29:33.167","lastModified":"2026-02-26T18:10:54.523","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Linksys MR9600, Linksys MX4200 allows that contents of a USB drive partition can be mounted in an arbitrary location of the file system. This may result in the execution of shell scripts in the context of a root user.This issue affects MR9600: 1.0.4.205530; MX4200: 1.0.13.210200."},{"lang":"es","value":"Vulnerabilidad de Limitación Inadecuada de un Nombre de Ruta a un Directorio Restringido ('Salto de Ruta') en Linksys MR9600, Linksys MX4200 permite que el contenido de una partición de unidad USB pueda montarse en una ubicación arbitraria del sistema de archivos. Esto puede resultar en la ejecución de scripts de shell en el contexto de un usuario root. Este problema afecta a MR9600: 1.0.4.205530; MX4200: 1.0.13.210200."}],"metrics":{"cvssMetricV31":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:P/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","baseScore":6.6,"baseSeverity":"MEDIUM","attackVector":"PHYSICAL","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":0.7,"impactScore":5.9}]},"weaknesses":[{"source":"a6d3dc9e-0591-4a13-bce7-0f5b31ff6158","type":"Secondary","description":[{"lang":"en","value":"CWE-22"}]}],"configurations":[{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linksys:mr9600_firmware:1.0.4.205530:*:*:*:*:*:*:*","matchCriteriaId":"53E39864-0A63-4188-A91B-CA024C56237C"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:linksys:mr9600:-:*:*:*:*:*:*:*","matchCriteriaId":"EEF496D6-F5A4-4859-9BAC-016EB64A701C"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linksys:mx4200_firmware:1.0.4.205530:*:*:*:*:*:*:*","matchCriteriaId":"7885670B-8DCF-42F3-8644-B6F240D5E84B"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:linksys:mx4200:-:*:*:*:*:*:*:*","matchCriteriaId":"9D53D1E6-E087-4837-A2A4-3512644E3DC2"}]}]}],"references":[{"url":"https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2025-001.txt","source":"a6d3dc9e-0591-4a13-bce7-0f5b31ff6158","tags":["Exploit","Third Party Advisory"]}]}}]}