CVE-2026-27850
Received
Received - Intake
Firewall Misconfiguration in MR9600/MX4200 Allows Unauthorized WAN Access
Vulnerability report for CVE-2026-27850, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.
Publication date: 2026-02-25
Last updated on: 2026-02-25
Assigner: ENISA
Description
Description
Due to an improperly configured firewall rule, the router will accept any connection on the WAN port with the source port 5222, exposing all services which are normally only accessible through the local network.
This issue affects MR9600: 1.0.4.205530; MX4200: 1.0.13.210200.
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| linksys | mr9600 | 1.0.4.205530 |
| linksys | mx4200 | 1.0.13.210200 |
| linksys | mx4200 | From 1.0.13.210200 (inc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-UNKNOWN |