Affected Vendors
- Linksys — 1 CVE (High severity)
- Zyxel — 1 CVE (Medium severity)
- ASUS — 1 CVE (Medium severity)
- TP-Link — 1 CVE (Unrated severity)
This week brings a modest set of four new router vulnerabilities, with one high-severity issue requiring immediate attention from Linksys users and a mix of medium-severity concerns across other major vendors.
Critical Issues
CVE-2026-6992 (Linksys MR9600, CVSS 7.2) stands out as the week's most urgent vulnerability. The flaw affects the BTRequestGetSmartConnectStatus function within the JNAP Action Handler component running on Linksys MR9600 firmware 2.0.6.206937. If you manage MR9600 devices in your fleet, prioritize checking for available firmware updates immediately.
Medium-Severity Findings
CVE-2026-31524 (ASUS, CVSS 5.5) is a memory leak in the HID asus_report_fixup() function within the Linux kernel. While this affects ASUS routers that use vulnerable kernel versions, the impact is moderate. Monitor ASUS security advisories for patched firmware releases.
CVE-2026-6058 (Zyxel WRE6505 v2, CVSS 4.5) involves improper encoding in the CGI program, potentially allowing adjacent WLAN attackers to exploit the device. Note that this CVE was marked "unsupported when assigned", which may complicate patch availability. Contact Zyxel support to verify whether your WRE6505 v2 firmware (V1.00(ABDV.3)C0) is affected.
Cryptographic Weakness
CVE-2026-5039 (TP-Link TL-WR841N v13, CVSS 6.1) reveals that the TDDPv2 debug protocol uses predictable DES-CBC encryption keys derived from default credentials. While severity is unrated, this is a meaningful risk for exposed devices. Ensure default credentials are changed and disable debug protocols if possible.