Plethore of critical #Linksys MX4200 Wi-Fi router vulnerabilities (that were originally reported to Linksys nearly a year ago!) are still unfixed:

- [SYSS-2025-001] Linksys MX9600/MX4200 - Path Traversal https://seclists.org/fulldisclosure/2026/Feb/10
- [SYSS-2025-002] Linksys MX9600/MX4200 - Missing Authentication for Critical Function https://seclists.org/fulldisclosure/2026/Feb/11
- [SYSS-2025-009] Linksys MX9600/MX4200 - SQL Injection https://seclists.org/fulldisclosure/2026/Feb/12
- [SYSS-2025-010] Linksys MX9600/MX4200 - OS Command Injection https://seclists.org/fulldisclosure/2026/Feb/13
- [SYSS-2025-011] Linksys MX9600/MX4200 - OS Command Injection https://seclists.org/fulldisclosure/2026/Feb/18
- [SYSS-2025-014] Linksys MX4200 - Improper Verification of Source of a Communication Channel
https://seclists.org/fulldisclosure/2026/Feb/19

On first read it might appear that many of these vulnerabilities would only be exploitable by accessing the device non-WAN interface(s) from inside the local network. However, due to the SYSS-2025-014 vulnerability the normally "LAN only RCE" vulnerabilities (SYSS-2025-010 and -011) and SQL injection (SYSS-2025-009) can be performed from the WAN interface (read: the internet). The attacker merely needs to make the connection originate from port 5222 (which is trivial to arrange via local bind before connect).

Update: Users of Linksys MX4200 should upgrade to firmware version 2.0.7.216620 or later. While not all of the security issues are fixed, it at least should stop the attacks via the WAN interface (SYSS-2025-014). https://support.linksys.com/kb/article/952-en/

#linksys #fulldisclosure #vulnerability #infosec #cybersecurity

Full disclosure in computer security still exists and is complementary to other disclosure models. The evolution of vulnerability disclosure is not linear from full disclosure to responsible disclosure to coordinated disclosure. These models coexist and all need to be taken into account.

You can’t just say “the legal framework will solve it” or “just do coordinated disclosure.” Vendors, researchers, and users are not all rational actors playing the same game.

Vulnerability disclosure is more complex than that, and if you actually want to address the issue, you can’t just say “it doesn’t exist.”

#cve #gcve #vulnerabilitymanagement #cybersecurity #fulldisclosure #vulnerability

4 tix is a bit excessive. #auspol #PoliticalInfluence #PoliticalDonation #NSWpol #FullDisclosure

RE: https://bsky.app/profile/did:plc:hp3t4k35yyjxczb3vuhoegyy/post/3mdjvmiq2ug26

I gave no idea, zero (0), how they got a high severity CVSS out of missing response headers. I mean, are they important? Sure! Don't you put that on reports, Bill? You bet! 8.3 severity? I'd be laughed out of the readout call.

https://seclists.org/fulldisclosure/2025/Dec/0

#fulldisclosure #cvss

I can't think of anything more repulsive than the Andromedan virus who thinks everything is a joke... The Andromedan virus will think it's a joke... but it is Animal Farm; disclosure 101 #animalfarm #orwell #fulldisclosure

To everyone using #MintLinux:

Please run `sudo passwd` and set a password for your root shell right now!

Failing to do so will keep your system wounderable to a password-less recovery root shell, which's only security measure asking you to press "Enter", nothing else.

I am doing #FullDisclosure of this massive #SecurityBreach right now, as this huge problem is apparently known for years already, but nobody seems to care at @linuxmint

https://forums.linuxmint.com/viewtopic.php?t=363711.

What the...

#RootShell #Linux

#FullDisclosure this had me laughing uncontrollably when i heard it…the scene was perfection https://mastodon.social/@filmfreakmafia/115028657473772176

@CannaParts
Komisch ich hab noch hat kein critical cve für MS Teams gesehen heute. Wann geht das raus? #FullDisclosure

Funny how often an arms industry tie-in is omitted, despite obvious relevance. #FullDisclosure

RE: https://bsky.app/profile/did:plc:cpshddqofvb6kgmi3rng4nyv/post/3lw43tgpis22n

Lisäänpä heti tähän samaan ketjuun, että kyllä, ajan polkupyörällä, vaikka tällä hetkellä en työmatkaa sillä tyypillisesti taitakaan (lähinnä lenkkeilen). Ja ajan autolla, km-määrissä ihan selvästi enemmän kuin pyörillä.

En silti preferoi autoa enkä varsinkaan kaupunki-infra-asioissa. Raivostuttavaa ajaa pyörällä, kun se on vähiten tärkeä liikkumismuoto kaupungin infrassa ja suunnittelussa.

#fullDisclosure

Mary's nephew is in the band, as is her niece's husband. #FullDisclosure #notes #connections #music #WaysOfSeeing

CVE-2024-47081: Netrc credential leak in PSF requests library

https://seclists.org/fulldisclosure/2025/Jun/2

#HackerNews #CVE202447081 #NetrcLeak #PSFRequests #Cybersecurity #Vulnerability #FullDisclosure

Insolate opens up and brings out the Full Disclosure album, filled with great techno from the shores of Croatia, on her Out Of Place Records label. #music #Techno #insolate #fulldisclosure #outofplace #album #croatia

https://evl.one/full-disclosure-with-insolate

@thesinkingbelle ...but, #fullDisclosure being a bit of an old bad boy putting a taste of campari/vermouth into my homemade weak tea 'soda' now... #drinkingclub #ListeningClub

Playing around with #Modyfi, that does support #VariableFonts now. This shrink-wrap modifier seems destined to be used with #ElectricBlue.
#Animating variable fonts has never been so easy!

https://app.modyfi.com
(I’m not payed to say that, Daniël tipped me off and they reached out to hime for some collaboration #fulldisclosure)

But it's only a strawberry one, I'd prefer a apple/pear cider slushy #fulldisclosure

Ohh printer RCE. It's all code, baby.

https://seclists.org/fulldisclosure/2024/Oct/17

#fulldisclosure #xerox

@RosePuckey

They didn't sound fluent, but Bravo Zulu for a good attempt to promote the Cornish language.

#FullDisclosure Although I was raised in Cardiff (from six weeks old), I was born in Rosemundy House in St Agnes.

There we go, confirmation of a hard coded user credential in Asus iKVM/IPMI/Redfish.

Is there a better contact than security@?

https://serverfault.com/a/1161387

#FullDisclosure #InfoSec

Sooo.. it's an election year.

I post about #politics. If that's not what you want, you should probably unfollow me.

I do not insult people. If you do, I will block you without further discussion. Those are the ground rules. We now return you to our regularly scheduled programming.

#FullDisclosure