CVE-2026-6992 | Linksys MR9600 2.0.6.206937 JNAP Action run_central2.sh BTRequestGetSmartConnectStatus pin os command injection

A vulnerability identified as critical has been detected in Linksys MR9600 2.0.6.206937. This affects the function BTRequestGetSmartConnectStatus of the file /etc/init.d/run_central2.sh of the component JNAP Action Handler. The manipulation of the argument pin leads to os command injection.

This vulnerability is listed as CVE-2026-6992. The attack may be initiated remotely. In addition, an exploit is available.

The vendor was contacted early about this disclosure but did not respond in any way.VulDB Recent EntriesRead More