CVE-2026-25107

CVSS 6.9 MEDIUMEPSS 0.1%CWE-321

ELECOM wireless LAN access point devices use a hard-coded cryptographic key when creating backups of configuration files. An attacker who knows the encryption key can tamper the configuration file of the product, and a victim administrator may be tricked to use a crafted configuration file.

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N

Productos afectados

ELECOM CO.,LTD. · WRC-X1800GSA-B ELECOM CO.,LTD. · WRC-X1800GS-B ELECOM CO.,LTD. · WRC-X1800GSH-B ELECOM CO.,LTD. · WRC-X3000GS2A-B ELECOM CO.,LTD. · WRC-X3000GS2-B ELECOM CO.,LTD. · WRC-X3000GS2-W ELECOM CO.,LTD. · WRC-X3000GST2-B ELECOM CO.,LTD. · WRC-X6000QSA-G ELECOM CO.,LTD. · WRC-X6000QS-G ELECOM CO.,LTD. · WRC-X6000XS-G ELECOM CO.,LTD. · WRC-X6000XST-G ELECOM CO.,LTD. · WRC-XE5400GSA-G ELECOM CO.,LTD. · WRC-XE5400GS-G

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →

Referencias

https://jvn.jp/en/jp/JVN03037325/https://www.elecom.co.jp/news/security/20260512-01/