9.8
TLS-SRP handshake in MR9600 and MX4200 allows root access
CVE-2026-27848
Summary
A security flaw in the TLS-SRP handshake of MR9600 and MX4200 devices allows attackers to inject OS commands as the root user. This can happen when a device attempts to connect to a malicious server. To fix this issue, update your MR9600 and MX4200 devices to the latest available version.
Original title
Due to missing neutralization of special elements, OS commands can be injected via the handshake of a TLS-SRP connection, which are ultimately run as the root user.
This issue affects MR9600: 1.0.4...
Original description
Due to missing neutralization of special elements, OS commands can be injected via the handshake of a TLS-SRP connection, which are ultimately run as the root user.
This issue affects MR9600: 1.0.4.205530; MX4200: 1.0.13.210200.
NVD CVSS 3.1
9.8
Vulnerability type
CWE-78
OS Command Injection
Published: 25 Feb 2026 · Updated: 12 Mar 2026 · First seen: 6 Mar 2026