OS Command Injection in RadiX AX6600 WiFi 6 Tri-Band Gaming Router by MSI
CVE-2026-53876

8.6HIGH

Key Information:

Vendor

Micro-star International Co., Ltd.

Status
Radix Ax6600 Wifi 6 Tri-band Gaming Router
Vendor
CVE Published:
17 June 2026

What is CVE-2026-53876?

The RadiX AX6600 WiFi 6 Tri-Band Gaming Router by MSI is susceptible to an OS command injection vulnerability, which allows an authenticated administrator to execute arbitrary commands with root privileges through the web console. This security flaw exposes the device to potential exploitation, enabling unauthorized users to manipulate the router’s functions or access sensitive information. Proper patching and security measures are essential to protect against this vulnerability.

Affected Version(s)

RadiX AX6600 WiFi 6 Tri-Band Gaming Router firmware versions prior to v781521

References

https://www.msi.com/Networking/RadiX-AX6600-WiFi-6-Tri-Ba...
https://jvn.jp/en/jp/JVN20769211/

CVSS V4

Score:
8.6
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
None

CVSS V3.0

Score:
7.2
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
High
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.