https://feed.craftedsignal.io/tags/linksys/Trending threats, MITRE ATT&CK coverage, and detection metadata — refreshed continuously.Hugoenhello@craftedsignal.iohello@craftedsignal.ioMon, 23 Mar 2026 12:00:00 +0000https://feed.craftedsignal.io/briefs/2026-03-linksys-rce/Mon, 23 Mar 2026 12:00:00 +0000hello@craftedsignal.iohttps://feed.craftedsignal.io/briefs/2026-03-linksys-rce/A remote OS command injection vulnerability exists in the Linksys MR9600 router version 2.0.6.206937, allowing attackers to execute arbitrary commands by manipulating specific function arguments via the SmartConnect.lua file.CVE-2026-4558 is a critical vulnerability affecting Linksys MR9600 routers, specifically version 2.0.6.206937. The flaw resides within the smartConnectConfigure function of the SmartConnect.lua file. Attackers can remotely inject OS commands by manipulating the configApSsid, configApPassphrase, srpLogin, or srpPassword arguments. Publicly available exploits exist, increasing the risk of exploitation. The vendor was notified but has not yet provided a patch or response, leaving users…

]]>criticaladvisoryCVE-2026-4558linksyscommand-injectionnetwork-device