Hacking Linksys mesh routers: How to find 6 vulnerabilities & why they do not patch them. π¨π»βπ»αα||αππ¨π₯
Security researcher Christian ZΓ€ske shares the story of his vulnerability research on Linksys mesh routers (MR9600 and MX4200), including some very interesting findings (three RCEs) and some very, ahem... questionable behavior by the Linksys security team.
To summarize the findings, an attacker might be able to hack the routers remotely without knowing a valid username or password and, in some cases, without being connected to the victimβs local network.
The kill chain looks like this: firewall bypass > access the mesh service > use SQL injection to create credentials > send a malicious configuration update > execute commands as root.
According to the author, the vulnerabilities were responsibly disclosed to Linksys in February and March 2025, but somehow the process went south. In February 2026, the author decided to disclose them in a blog post and gave a presentation later that year.
This is very interesting research. Enjoy the blog post and video presentation, and share them with your peers. If they have Linksys routers, they better disable EasyMesh in the Wi-Fi settings.
Stay safe!
More details:
Exploiting Linksys Intelligent Mesh from the internet [Youtube]: https://lnkd.in/dUeFWqin
MeshHacks: Exploiting Linksys Intelligent Mesh from the Internet [Blog]: https://blog.syss.com/posts/meshhacks/


