Gratis scannen
Analyse in behandelingCVE-2026-40621

CVE-2026-40621: Authentication Bypass in ELECOM WRC-BE72XSD-B

Platform

linux

Component

elecom-wrc-be72xsd-b

Bekijk op NVD
Opslaan

CVE-2026-40621 describes a critical authentication bypass vulnerability affecting ELECOM WRC-BE72XSD-B Wireless LAN Access Points. This flaw allows attackers to access specific URLs without authentication, potentially leading to unauthorized access and control. The vulnerability impacts versions 1.1.0 through v1.1.1. A firmware update is required to remediate this issue.

Impact en Aanvalsscenarioswordt vertaald…

The lack of authentication on certain URLs within the ELECOM WRC-BE72XSD-B access point presents a significant security risk. An attacker could exploit this vulnerability to gain unauthorized access to sensitive configuration data, such as network settings, passwords, and potentially even user credentials stored on the device. This could allow them to modify the network configuration, redirect traffic, launch attacks against other devices on the network, or even gain complete control of the access point. The potential blast radius extends to all devices connected to the affected network, making this a high-priority vulnerability to address.

Uitbuitingscontextwordt vertaald…

CVE-2026-40621 was published on May 13, 2026. Its severity is rated CRITICAL (9.8) by CVSS. As of this writing, there are no publicly known Proof-of-Concept (POC) exploits. The vulnerability is not currently listed on KEV or EPSS, suggesting a low to medium probability of exploitation in the near term, but the critical severity warrants immediate attention. Monitor security advisories from ELECOM and security research communities for updates.

Dreigingsinformatie

Exploit Status

Proof of ConceptOnbekend
CISA KEVNO
InternetblootstellingHoog
Rapporten1 dreigingsrapport

CISA SSVC

Exploitatienone
Automatiseerbaaryes
Technische Impacttotal

CVSS-vector

DREIGINGSINFORMATIE· CVSS 3.1CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H9.8CRITICALAttack VectorNetworkHoe de aanvaller het doel bereiktAttack ComplexityLowVereiste omstandigheden om te exploiterenPrivileges RequiredNoneVereist authenticatieniveau voor aanvalUser InteractionNoneOf het slachtoffer actie moet ondernemenScopeUnchangedImpact buiten het getroffen onderdeelConfidentialityHighRisico op blootstelling van gevoelige dataIntegrityHighRisico op ongeautoriseerde gegevenswijzigingAvailabilityHighRisico op verstoring van dienstennextguardhq.com · CVSS v3.1 Basisscore
Wat betekenen deze metrics?
Attack Vector
Netwerk — op afstand uitbuitbaar via internet. Geen fysieke of lokale toegang vereist.
Attack Complexity
Laag — geen speciale voorwaarden vereist. Betrouwbaar uitbuitbaar.
Privileges Required
Geen — geen authenticatie vereist om te exploiteren.
User Interaction
Geen — automatische en stille aanval. Slachtoffer doet niets.
Scope
Ongewijzigd — impact beperkt tot het kwetsbare component.
Confidentiality
Hoog — volledig verlies van vertrouwelijkheid. Aanvaller kan alle gegevens lezen.
Integrity
Hoog — aanvaller kan alle gegevens schrijven, aanpassen of verwijderen.
Availability
Hoog — volledige crash of uitputting van resources. Totale denial of service.

Getroffen Software

Componentelecom-wrc-be72xsd-b
LeverancierELECOM CO.,LTD.
Minimumversie1.1.0
Maximumversiev1.1.1 and earlier

Zwakheidsclassificatie (CWE)

CWE-288

Tijdlijn

  1. Gereserveerd
  2. Gepubliceerd

Mitigatie en Workaroundswordt vertaald…

The primary mitigation for CVE-2026-40621 is to upgrade the ELECOM WRC-BE72XSD-B Wireless LAN Access Point to a patched firmware version. ELECOM has not yet released a fixed version, so monitoring their website for updates is crucial. Until a patch is available, consider implementing network segmentation to isolate the access point from critical resources. Additionally, restrict access to the access point's management interface using a firewall and strong passwords for any existing authentication mechanisms. Regularly review access logs for any suspicious activity.

Hoe te verhelpenwordt vertaald…

Actualice el firmware del dispositivo ELECOM WRC-BE72XSD-B a una versión corregida que implemente la autenticación adecuada para el acceso a URLs específicas. Consulte la página de soporte de ELECOM para obtener más información sobre las actualizaciones de firmware disponibles: https://www.elecom.co.jp/news/security/20260512-01/

Veelgestelde vragenwordt vertaald…

What is CVE-2026-40621 — Authentication Bypass in ELECOM WRC-BE72XSD-B?

CVE-2026-40621 is a critical vulnerability affecting ELECOM WRC-BE72XSD-B Wireless LAN Access Points. It allows attackers to access specific URLs without authentication, potentially gaining unauthorized access to sensitive data and control of the device.

Am I affected by CVE-2026-40621 in ELECOM WRC-BE72XSD-B?

You are affected if you are using ELECOM WRC-BE72XSD-B Wireless LAN Access Points running versions 1.1.0 through v1.1.1. Check your device's firmware version to determine if you are vulnerable.

How do I fix CVE-2026-40621 in ELECOM WRC-BE72XSD-B?

The recommended fix is to upgrade to a patched firmware version from ELECOM. Monitor ELECOM's website for updates. Until a patch is available, implement network segmentation and restrict access to the management interface.

Is CVE-2026-40621 being actively exploited?

As of the current date, there are no publicly known active exploitation campaigns targeting CVE-2026-40621. However, the critical severity warrants immediate attention and proactive mitigation.

Where can I find the official ELECOM advisory for CVE-2026-40621?

Please refer to the ELECOM website for the latest security advisories and firmware updates related to CVE-2026-40621. Check their support section or contact their customer support for assistance.

Is jouw project getroffen?

Upload je dependency-bestand en kom direct te weten of deze en andere CVEs jou raken.

Gratis scannenCVEs zoeken
livefree scan

Probeer het nu — geen account

Upload een manifest (composer.lock, package-lock.json, WordPress pluginlijst…) of plak uw componentenlijst. U ontvangt direct een kwetsbaarheidsrapport. Een bestand uploaden is slechts het begin: met een account krijgt u continue monitoring, Slack/e-mail alerts, multi-project en white-label rapporten.

Manual scanSlack/email alertsscanZone.capMonitorWhite-label reports

Sleep uw afhankelijkheidsbestand hierheen

composer.lock, package-lock.json, requirements.txt, Gemfile.lock, pubspec.lock, Dockerfile...