免费扫描
分析待定CVE-2026-25107

CVE-2026-25107: Configuration File Tampering in ELECOM WRC-X1800GS-B

平台

linux

组件

elecom-wrc-x1800gs-b

在NVD查看
保存

CVE-2026-25107 affects ELECOM WRC-X1800GS-B Wireless LAN Access Points running versions 1.06 through 1.19. This vulnerability stems from the use of a hardcoded cryptographic key when backing up configuration files. An attacker possessing this key can modify these backups, potentially tricking administrators into restoring a malicious configuration, leading to unauthorized access or device compromise.

影响与攻击场景翻译中…

The primary impact of this vulnerability is the potential for unauthorized configuration changes. An attacker who obtains the hardcoded encryption key can craft a malicious configuration file backup. If an administrator restores this crafted backup, the attacker gains control over the access point's settings. This could include altering the network name (SSID), changing the password, redirecting traffic, or even disabling security features. The blast radius extends to all devices connected to the compromised access point, as they would be subject to the attacker's manipulated network configuration. While direct remote code execution isn't possible, the ability to control network settings presents a significant security risk.

利用背景翻译中…

As of the publication date (2026-05-13), this CVE has not been listed on KEV or EPSS. The CVSS score of 6.5 (Medium) indicates a moderate probability of exploitation. Public proof-of-concept (POC) code is currently unavailable, but the vulnerability's nature makes it likely that exploits will emerge if the vendor does not release a timely patch. Monitor security advisories and threat intelligence feeds for updates.

威胁情报

漏洞利用状态

概念验证未知
CISA KEVNO
互联网暴露

CISA SSVC

利用情况none
可自动化no
技术影响partial

CVSS 向量

威胁情报· CVSS 3.1CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N6.5MEDIUMAttack VectorNetwork攻击者如何到达目标Attack ComplexityLow利用漏洞所需的条件Privileges RequiredNone攻击所需的认证级别User InteractionRequired是否需要受害者采取行动ScopeUnchanged超出受影响组件的影响范围ConfidentialityNone敏感数据泄露风险IntegrityHigh数据未授权篡改风险AvailabilityNone服务中断风险nextguardhq.com · CVSS v3.1 基础分数
这些指标意味着什么?
Attack Vector
网络 — 可通过互联网远程利用,无需物理或本地访问。攻击面最大。
Attack Complexity
低 — 无需特殊条件,可以稳定地利用漏洞。
Privileges Required
无 — 无需认证,无需凭证即可利用。
User Interaction
需要 — 受害者必须打开文件、点击链接或访问特制页面。
Scope
未改变 — 影响仅限于脆弱组件本身。
Confidentiality
无 — 无机密性影响。
Integrity
高 — 攻击者可写入、修改或删除任何数据。
Availability
无 — 无可用性影响。

受影响的软件

组件elecom-wrc-x1800gs-b
供应商ELECOM CO.,LTD.
最低版本1.06
最高版本v1.19 and earlier

弱点分类 (CWE)

CWE-321

时间线

  1. 已保留
  2. 发布日期

缓解措施和替代方案翻译中…

The primary mitigation is to upgrade the ELECOM WRC-X1800GS-B access point to a version that addresses this vulnerability (a patched version is expected from ELECOM). Until an upgrade is available, implement strict file integrity checks on all configuration backups. Verify the hash of any restored configuration file against a known good baseline. Limit access to the configuration backup functionality to authorized personnel only. Consider implementing a WAF or proxy to inspect traffic related to configuration file uploads and downloads, looking for suspicious patterns. After upgrade, confirm by verifying the configuration file backup process no longer uses the hardcoded key.

修复方法翻译中…

Actualice el firmware del dispositivo ELECOM WRC-X1800GS-B a una versión corregida. Consulte el sitio web de ELECOM para obtener las últimas actualizaciones de firmware y las instrucciones de instalación.

常见问题翻译中…

What is CVE-2026-25107 — Configuration File Tampering in ELECOM WRC-X1800GS-B?

CVE-2026-25107 is a medium-severity vulnerability affecting ELECOM WRC-X1800GS-B access points. It allows attackers with the hardcoded encryption key to tamper with configuration backups, potentially compromising device settings and network security.

Am I affected by CVE-2026-25107 in ELECOM WRC-X1800GS-B?

You are affected if you are using an ELECOM WRC-X1800GS-B access point running version 1.06 through 1.19. Check your device's firmware version to determine if you are vulnerable.

How do I fix CVE-2026-25107 in ELECOM WRC-X1800GS-B?

The recommended fix is to upgrade to a patched version of the firmware from ELECOM. Until an upgrade is available, implement strict file integrity checks and restrict access to configuration backups.

Is CVE-2026-25107 being actively exploited?

As of 2026-05-13, there are no reports of active exploitation. However, the vulnerability's nature suggests it could be exploited if a patch is not released promptly.

Where can I find the official ELECOM advisory for CVE-2026-25107?

Refer to the ELECOM website's security advisories section for the official advisory regarding CVE-2026-25107. Check their support pages for firmware updates and further details.

你的项目受影响吗?

上传你的依赖文件,立即了解此CVE和其他CVE是否影响你。

免费扫描搜索 CVE
live免费扫描

立即试用 — 无需账户

上传任何清单文件 (composer.lock, package-lock.json, WordPress 插件列表…) 或粘贴您的组件列表。您立即获得一份漏洞报告。上传文件只是开始:拥有账户后,您将获得持续监控、Slack/电子邮件警报、多项目和白标报告。

手动扫描Slack/邮件提醒持续监控白标报告

拖放您的依赖文件

composer.lock、package-lock.json、requirements.txt、Gemfile.lock、pubspec.lock、Dockerfile...