Due to missing neutralization of special elements, OS commands can be injected via the handshake of a TLS-SRP connection, which are ultimately run as the root user.
This issue affects MR9600: 1.0.4.205530, MX4200: 1.0.13.210200.
Published: 2026-02-25
CVSS: 9.8
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Download CVE-2026-27848 POC (Proof-of-Concept) here:
Tip: Download official Tor Browser at https://www.torproject.org/download/ to access .onion links.
Check our portfolio:
https://dnacompany.com/poc-814-cve-2026-26705/
https://dnacompany.com/poc-76-cve-2026-25052/
https://dnacompany.com/poc-272-cve-2020-37172/