SHARP routers do not perform authentication for some web APIs. Device information can be retrieved without authentication. If the device's administrator password remains at its initial value,
Platform
other
Component
sharp-home-5g-hr01-router
Fixed in
38.0.1
5.0.1
38.0.1
3.87.16
3.0.1
CVE-2026-32326 describes an authentication bypass vulnerability affecting SHARP home 5G HR01 routers running versions up to and including S7.41.00. This flaw allows attackers to retrieve device information without authentication, potentially leading to complete device takeover if the administrator has not changed the default password. A firmware update is required to address this security concern.
Impact and Attack Scenarios
The primary impact of CVE-2026-32326 is the potential for unauthorized access to sensitive device information. An attacker exploiting this vulnerability can retrieve configuration details, network settings, and potentially user data stored on the router. Critically, if the administrator has left the default password unchanged, the attacker can gain full administrative control over the router, enabling them to modify settings, intercept network traffic, and launch further attacks against devices on the network. This represents a significant security risk, particularly for home networks and small businesses relying on the router for internet connectivity and security.
Exploitation Context
This vulnerability was publicly disclosed on March 25, 2026. Currently, there are no publicly available proof-of-concept exploits. The vulnerability's severity is assessed as medium, indicating a moderate probability of exploitation. It is not currently listed on the CISA KEV catalog.
Who Is at Risk
Home users and small businesses utilizing SHARP home 5G HR01 routers, particularly those who have not changed the default administrator password, are at significant risk. Shared hosting environments utilizing these routers for customer internet access are also vulnerable.
Attack Timeline
- Disclosure
Threat Intelligence
Exploit Status
EPSS
0.05% (14th percentile)
CISA SSVC
CVSS vector
What do these metrics mean?
- Attack Vector
- Adjacent: network proximity required (same LAN, Bluetooth or local wireless segment).
- Attack Complexity
- Low: no special conditions required. Reliably exploitable.
- Privileges Required
- Low: any valid user account is sufficient.
- User Interaction
- None: automatic and silent attack. The victim does nothing.
- Scope
- Unchanged: impact limited to the vulnerable component.
- Confidentiality
- High: total loss of confidentiality. The attacker can read all data.
- Integrity
- None: no integrity impact.
- Availability
- None: no availability impact.
Affected Software
Weakness Classification (CWE)
Timeline
- Reserved
- Published
- EPSS updated
Mitigation and Workarounds
The primary mitigation for CVE-2026-32326 is to upgrade the SHARP HR01 router to a firmware version that addresses the authentication bypass. SHARP has not yet released a fixed firmware version, so users should monitor the SHARP support website for updates. As a temporary workaround, changing the default administrator password is crucial to prevent unauthorized access. Consider implementing network segmentation to limit the impact of a potential compromise. Regularly review router logs for suspicious activity.
How to Fix
Update the firmware of the SHARP home 5G HR01 router to the latest available version provided by the manufacturer. Make sure you change the default administrator password to a secure and unique password.
Frequently Asked Questions
What is CVE-2026-32326 — Authentication Bypass in SHARP HR01 Router?
CVE-2026-32326 is a medium severity vulnerability in the SHARP HR01 router allowing unauthenticated access to device information, potentially leading to takeover if default credentials are used.
Am I affected by CVE-2026-32326 in SHARP HR01 Router?
You are affected if you use a SHARP HR01 router running version S7.41.00 or earlier and have not changed the default administrator password.
How do I fix CVE-2026-32326 in SHARP HR01 Router?
Upgrade to a patched firmware version from SHARP. Monitor the SHARP support website for updates. Until then, change the default administrator password.
Is CVE-2026-32326 being actively exploited?
There are currently no reports of active exploitation, but the vulnerability is publicly known.
Where can I find the official SHARP advisory for CVE-2026-32326?
Please refer to the SHARP support website for the latest advisory and firmware updates regarding CVE-2026-32326.