Platform
other
Component
sharp-home-5g-hr01-router
Fixed in
38.0.1
5.0.1
38.0.1
3.87.16
3.0.1
CVE-2026-32326 describes an authentication bypass vulnerability affecting SHARP home 5G HR01 routers running versions up to and including S7.41.00. This flaw allows attackers to retrieve device information without authentication, potentially leading to complete device takeover if the administrator has not changed the default password. A firmware update is required to address this security concern.
The primary impact of CVE-2026-32326 is the potential for unauthorized access to sensitive device information. An attacker exploiting this vulnerability can retrieve configuration details, network settings, and potentially user data stored on the router. Critically, if the administrator has left the default password unchanged, the attacker can gain full administrative control over the router, enabling them to modify settings, intercept network traffic, and launch further attacks against devices on the network. This represents a significant security risk, particularly for home networks and small businesses relying on the router for internet connectivity and security.
This vulnerability was publicly disclosed on March 25, 2026. Currently, there are no publicly available proof-of-concept exploits. The vulnerability's severity is assessed as medium, indicating a moderate probability of exploitation. It is not currently listed on the CISA KEV catalog.
Exploit Status
EPSS
0.05% (14% percentile)
CISA SSVC
CVSS Vector
The primary mitigation for CVE-2026-32326 is to upgrade the SHARP HR01 router to a firmware version that addresses the authentication bypass. SHARP has not yet released a fixed firmware version, so users should monitor the SHARP support website for updates. As a temporary workaround, changing the default administrator password is crucial to prevent unauthorized access. Consider implementing network segmentation to limit the impact of a potential compromise. Regularly review router logs for suspicious activity.
Update the SHARP home 5G HR01 router firmware to the latest version provided by the manufacturer. Ensure you change the default administrative password to a strong, unique password.
Vulnerability analysis and critical alerts directly to your inbox.
CVE-2026-32326 is a medium severity vulnerability in the SHARP HR01 router allowing unauthenticated access to device information, potentially leading to takeover if default credentials are used.
You are affected if you use a SHARP HR01 router running version S7.41.00 or earlier and have not changed the default administrator password.
Upgrade to a patched firmware version from SHARP. Monitor the SHARP support website for updates. Until then, change the default administrator password.
There are currently no reports of active exploitation, but the vulnerability is publicly known.
Please refer to the SHARP support website for the latest advisory and firmware updates regarding CVE-2026-32326.
Upload your dependency file and we'll tell you instantly if this and other CVEs hit you.