Analyse en attenteCVE-2026-25107

CVE-2026-25107: Configuration File Tampering in ELECOM WRC-X1800GS-B

Plateforme

linux

Composant

elecom-wrc-x1800gs-b

CVE-2026-25107 affects ELECOM WRC-X1800GS-B Wireless LAN Access Points running versions 1.06 through 1.19. This vulnerability stems from the use of a hardcoded cryptographic key when backing up configuration files. An attacker possessing this key can modify these backups, potentially tricking administrators into restoring a malicious configuration, leading to unauthorized access or device compromise.

Impact et Scénarios d'Attaquetraduction en cours…

The primary impact of this vulnerability is the potential for unauthorized configuration changes. An attacker who obtains the hardcoded encryption key can craft a malicious configuration file backup. If an administrator restores this crafted backup, the attacker gains control over the access point's settings. This could include altering the network name (SSID), changing the password, redirecting traffic, or even disabling security features. The blast radius extends to all devices connected to the compromised access point, as they would be subject to the attacker's manipulated network configuration. While direct remote code execution isn't possible, the ability to control network settings presents a significant security risk.

Contexte d'Exploitationtraduction en cours…

As of the publication date (2026-05-13), this CVE has not been listed on KEV or EPSS. The CVSS score of 6.5 (Medium) indicates a moderate probability of exploitation. Public proof-of-concept (POC) code is currently unavailable, but the vulnerability's nature makes it likely that exploits will emerge if the vendor does not release a timely patch. Monitor security advisories and threat intelligence feeds for updates.

Renseignement sur les Menaces

Statut de l'Exploit

Preuve de ConceptInconnu

CISA KEVNO

Exposition InternetÉlevée

CISA SSVC

Exploitationnone

Automatisableno

Impact Techniquepartial

Vecteur CVSS

Que signifient ces métriques?

Attack Vector: Réseau — exploitable à distance via internet. Aucun accès physique ou local requis.
Attack Complexity: Faible — aucune condition spéciale requise. Exploitable de manière fiable.
Privileges Required: Aucun — sans authentification. Aucune identifiant requis pour exploiter.
User Interaction: Requise — la victime doit ouvrir un fichier, cliquer sur un lien ou visiter une page.
Scope: Inchangé — impact limité au composant vulnérable.
Confidentiality: Aucun — aucun impact sur la confidentialité.
Integrity: Élevé — l'attaquant peut écrire, modifier ou supprimer toutes les données.
Availability: Aucun — aucun impact sur la disponibilité.

Logiciel Affecté

Composantelecom-wrc-x1800gs-b

FournisseurELECOM CO.,LTD.

Version minimale1.06

Version maximalev1.19 and earlier

Classification de Faiblesse (CWE)

CWE-321

Chronologie

Réservé2026-05-07
Publiée2026-05-13

Mitigation et Contournementstraduction en cours…

The primary mitigation is to upgrade the ELECOM WRC-X1800GS-B access point to a version that addresses this vulnerability (a patched version is expected from ELECOM). Until an upgrade is available, implement strict file integrity checks on all configuration backups. Verify the hash of any restored configuration file against a known good baseline. Limit access to the configuration backup functionality to authorized personnel only. Consider implementing a WAF or proxy to inspect traffic related to configuration file uploads and downloads, looking for suspicious patterns. After upgrade, confirm by verifying the configuration file backup process no longer uses the hardcoded key.

Comment corrigertraduction en cours…

Actualice el firmware del dispositivo ELECOM WRC-X1800GS-B a una versión corregida. Consulte el sitio web de ELECOM para obtener las últimas actualizaciones de firmware y las instrucciones de instalación.

Questions fréquentestraduction en cours…

What is CVE-2026-25107 — Configuration File Tampering in ELECOM WRC-X1800GS-B?

CVE-2026-25107 is a medium-severity vulnerability affecting ELECOM WRC-X1800GS-B access points. It allows attackers with the hardcoded encryption key to tamper with configuration backups, potentially compromising device settings and network security.

Am I affected by CVE-2026-25107 in ELECOM WRC-X1800GS-B?

You are affected if you are using an ELECOM WRC-X1800GS-B access point running version 1.06 through 1.19. Check your device's firmware version to determine if you are vulnerable.

How do I fix CVE-2026-25107 in ELECOM WRC-X1800GS-B?

The recommended fix is to upgrade to a patched version of the firmware from ELECOM. Until an upgrade is available, implement strict file integrity checks and restrict access to configuration backups.

Is CVE-2026-25107 being actively exploited?

As of 2026-05-13, there are no reports of active exploitation. However, the vulnerability's nature suggests it could be exploited if a patch is not released promptly.

Where can I find the official ELECOM advisory for CVE-2026-25107?

Refer to the ELECOM website's security advisories section for the official advisory regarding CVE-2026-25107. Check their support pages for firmware updates and further details.

Ton projet est-il affecté ?

Téléverse ton fichier de dépendances et découvre instantanément si cette CVE et d'autres te touchent.

Scanner gratuitement Rechercher des CVE

en directfree scan

Essayez maintenant — sans compte

scanZone.subtitle

Scan manuelSlack/email alertsContinuous monitoringWhite-label reports

Glissez-déposez votre fichier de dépendances

composer.lock, package-lock.json, requirements.txt, Gemfile.lock, pubspec.lock, Dockerfile...

Parcourir les fichiers