CVE-2026-27847

CRITICAL

9.8

Description

Due to improper neutralization of special elements, SQL statements can be injected via the handshake of a TLS-SRP connection. This can be used to inject known credentials into the database that can be utilized to successfully complete the handshake and use the protected service. This issue affects MR9600: 1.0.4.205530; MX4200: 1.0.13.210200.

Details CVE

Score CVSS v3.19.8

SeveriteCRITICAL

Vecteur CVSSCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Vecteur d'attaqueNETWORK

ComplexiteLOW

Privileges requisNONE

Interaction utilisateurNONE

Publie2/25/2026

Derniere modification2/27/2026

Sourcenvd

Observations honeypot0

Faiblesses (CWE)

CWE-89

References

https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2025-009.txt(a6d3dc9e-0591-4a13-bce7-0f5b31ff6158)

Correlations IOC

Aucune correlation enregistree

This product uses data from the NVD API but is not endorsed or certified by the NVD.