CVE-2026-27846 is a vulnerability identified in Linksys MR9600 and MX4200 routers, specifically in firmware versions 1.0.4.205530 and 1.0.13.210200 respectively. The root cause is a missing authentication mechanism (CWE-306) on the mesh networking functionality, which allows an attacker with physical access to the device to add a new mesh device to the network without any authentication checks. By exploiting this flaw, the attacker can retrieve sensitive information stored on the router, including the administrator password for the web management interface and Wi-Fi network passwords. The vulnerability does not require prior privileges or user interaction, but physical access is mandatory. The CVSS v3.1 base score is 6.2 (medium), reflecting the local attack vector, low attack complexity, no privileges required, no user interaction, and high impact on confidentiality but no impact on integrity or availability. No public exploits or patches have been reported at the time of publication. This vulnerability poses a significant risk to environments where physical security of networking equipment is weak, potentially allowing unauthorized network access and lateral movement within the network. The absence of authentication on critical mesh functions violates security best practices and exposes sensitive credentials that could be leveraged for further attacks.

The primary impact of CVE-2026-27846 is the compromise of confidentiality of sensitive credentials, including admin and Wi-Fi passwords, which can lead to unauthorized network access. Attackers gaining these credentials can manipulate network configurations, intercept or redirect traffic, and potentially launch further attacks against internal systems. While integrity and availability are not directly affected, the breach of credentials undermines overall network security posture. Organizations relying on Linksys MR9600 and MX4200 routers in sensitive environments, such as corporate offices, government agencies, or critical infrastructure, face increased risk of insider threats or physical tampering. The requirement for physical access limits remote exploitation but does not eliminate risk in environments with shared or poorly secured facilities. The lack of known exploits reduces immediate threat but also indicates a need for proactive mitigation before attackers develop tools to exploit this vulnerability.

1. Enforce strict physical security controls around networking equipment to prevent unauthorized access to the devices. 2. Monitor mesh network configurations regularly for unauthorized additions or changes. 3. Disable mesh functionality if not required or restrict mesh device additions through administrative controls if supported. 4. Change default administrator and Wi-Fi passwords to strong, unique credentials to limit the impact if credentials are exposed. 5. Implement network segmentation to isolate critical systems from potentially compromised network segments. 6. Stay informed about firmware updates from Linksys and apply patches promptly once available. 7. Use tamper-evident seals or enclosures on devices to detect physical interference. 8. Conduct periodic security audits and penetration tests focusing on physical and network access controls. These steps go beyond generic advice by emphasizing physical security, configuration monitoring, and proactive network design to mitigate risks from this vulnerability.