CVE-2026-53876 Micro-Star International Co., Ltd. CVE debrief

Who should care

Administrators and users of the RadiX AX6600 WiFi 6 Tri-Band Gaming Router, especially those with administrative access to the web console, should be aware of this vulnerability and take necessary precautions.

Technical summary

CVE-2026-53876 is an OS command injection vulnerability in the RadiX AX6600 WiFi 6 Tri-Band Gaming Router. It allows an administrator logged into the web console to execute arbitrary commands with root privileges due to improper input validation or sanitization. The vulnerability's CVSS vector is CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X, indicating a high severity level.

Defensive priority

High

Recommended defensive actions

• Update the RadiX AX6600 WiFi 6 Tri-Band Gaming Router firmware to the latest version if available.
• Limit access to the web console to only necessary personnel.
• Implement strong authentication and authorization mechanisms for web console access.
• Regularly monitor the router for suspicious activity.
• Consider using a web application firewall to detect and prevent attacks.
• Review and restrict the use of administrative privileges.
• Refer to the vendor's support page for more information: [ref-5](https://www.msi.com/Networking/RadiX-AX6600-WiFi-6-Tri-Band-Gaming-Router/support).

Evidence notes

The information provided is based on data from the National Vulnerability Database (NVD) and other reliable sources. The CVE record and NVD detail pages provide further information on this vulnerability.

Official resources