Due to missing neutralization of special elements, OS commands can be injected via the handshake of a TLS-SRP connection, which are ultimately run as the root user.
This issue affects MR9600: 1.0.4.205530, MX4200: 1.0.13.210200.
Published: 2026-02-25
CVSS: 9.8
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Download Exploit for CVE-2026-27848 here:
Use Tor Browser to access .onion site.
https://sonitex.com/exploit-437-cve-2025-70237/
https://sonitex.com/exploit-475-cve-2019-25506/