CVE-2022-24372

low-risk

Published 2022-04-27

Linksys MR9600 devices before 2.0.5 allow attackers to read arbitrary files via a symbolic link to the root directory of a NAS SMB share.

Do I need to act?

0.06% chance of exploitation

EPSS score — low exploit probability

Not on CISA KEV list

No confirmed active exploitation reported to CISA

Patch status unknown

Check vendor advisories for fix availability and mitigation guidance

CVSS 4.6/10 Medium

PHYSICAL / LOW complexity

Mr9600 Firmware

Linksys

Product https://www.linksys.com/de/linksys-dual-band-mesh-wifi-6-router-mr9600/p/p-mr960...

Product https://www.linksys.com/mesh-routers/linksys-dual-band-mesh-wifi-6-router-mr9600...

Exploit https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2021-046.t...

Product https://www.linksys.com/de/linksys-dual-band-mesh-wifi-6-router-mr9600/p/p-mr960...

Product https://www.linksys.com/mesh-routers/linksys-dual-band-mesh-wifi-6-router-mr9600...

Exploit https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2021-046.t...

/ 100

low-risk

Severity 16/34 · Moderate

Exploitability 0/34 · Minimal

Exposure 5/34 · Minimal