CVE-2026-6992
Received Received - Intake
OS Command Injection in Linksys MR9600 JNAP Action Handler

Publication date: 2026-04-25

Last updated on: 2026-04-30

Assigner: VulDB

Description
A vulnerability was identified in Linksys MR9600 2.0.6.206937. This affects the function BTRequestGetSmartConnectStatus of the file /etc/init.d/run_central2.sh of the component JNAP Action Handler. The manipulation of the argument pin leads to os command injection. The attack may be initiated remotely. The exploit is publicly available and might be used. The vendor was contacted early about this disclosure but did not respond in any way.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-04-25
Last Modified
2026-04-30
Generated
2026-06-16
AI Q&A
2026-04-26
EPSS Evaluated
2026-06-14
NVD
CVE-2026-6992
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
linksys mr9600_firmware 2.0.6.206937
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-77 The product constructs all or part of a command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended command when it is sent to a downstream component.
CWE-78 The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

CVE-2026-6992 is a command injection vulnerability found in the Linksys MR9600 router, specifically in the BT Smart Connect feature. The flaw exists in the function BTRequestGetSmartConnectStatus within the router's JNAP Action Handler component. An attacker can manipulate the 'pin' argument to inject and execute arbitrary operating system commands remotely.

This vulnerability allows remote attackers to execute commands on the router without user interaction, potentially compromising the device.

Impact Analysis

This vulnerability can have severe impacts as it allows remote attackers to execute arbitrary commands on the affected router. This can lead to full compromise of the device, including unauthorized access, control over network traffic, data interception, or disruption of network services.

Since the exploit is publicly available and the vendor has not responded, the risk of exploitation is significant.

Detection Guidance

This vulnerability involves command injection via the BT Smart Connect feature exposed through the router's web management interface. Detection can be approached by monitoring for unusual or unauthorized commands executed through this interface.

Since the vulnerability is in the function BTRequestGetSmartConnectStatus of the /etc/init.d/run_central2.sh script, detection might involve checking for suspicious invocations or modifications of this script.

One practical approach is to emulate the router environment as described in the resource to safely analyze and test for the vulnerability.

  • Use network monitoring tools to capture HTTP requests to the router's web management interface, especially those targeting the BT Smart Connect feature.
  • Check the router logs for any unexpected commands or errors related to /etc/init.d/run_central2.sh.
  • If you have shell access, you can verify the integrity and permissions of /etc/init.d/run_central2.sh.
  • Commands to check the script permissions and content: `ls -l /etc/init.d/run_central2.sh` and `cat /etc/init.d/run_central2.sh`.
  • Monitor network traffic on port 8080 if using the emulated environment or the router's web interface port for suspicious activity.
Mitigation Strategies

Immediate mitigation steps include restricting access to the router's web management interface to trusted networks or IP addresses to prevent remote exploitation.

Disable the BT Smart Connect feature if possible, as it is the vector for the command injection.

Monitor and audit router logs for any signs of exploitation attempts.

If feasible, emulate the router environment as described to analyze and test patches or workarounds.

Since the vendor has not responded, consider isolating the device from critical networks until a patch or official fix is available.

Compliance Impact

The provided information does not specify how the CVE-2026-6992 vulnerability affects compliance with common standards and regulations such as GDPR or HIPAA.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-6992. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart