Published:2026/06/17 Last Updated:2026/06/17
JVN#20769211
OS command injection in RadiX AX6600 WiFi 6 Tri-Band Gaming Router
Overview
RadiX AX6600 WiFi 6 Tri-Band Gaming Router provided by Micro-Star International Co., Ltd. contains an OS command injection vulnerability.
Products Affected
- RadiX AX6600 WiFi 6 Tri-Band Gaming Router firmware versions prior to v781521
Description
RadiX AX6600 WiFi 6 Tri-Band Gaming Router provided by Micro-Star International Co., Ltd. contains the following vulnerability.
- OS command injection (CWE-78)
- CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N Base Score 8.6
- CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H Base Score 7.2
- CVE-2026-53876
Impact
Arbitrary commands may be executed with the root privilege by a user who logs in to the web console as an administrator.
Solution
Update the Software
Update the software to the latest version according to the information provided by the developer.
Vendor Status
| Vendor | Link |
| Micro-Star International Co., Ltd. | Drivers & Downloads |
References
JPCERT/CC Addendum
Vulnerability Analysis by JPCERT/CC
Credit
KAZUHIRO SHIBUTA of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
Other Information
| JPCERT Alert |
|
| JPCERT Reports |
|
| CERT Advisory |
|
| CPNI Advisory |
|
| TRnotes |
|
| CVE |
CVE-2026-53876 |
| JVN iPedia |
JVNDB-2026-000087 |