JVNDB-2026-000073

Vulnerability from jvndb - Published: 2026-05-12 15:16 - Updated:2026-05-20 11:52
Severity
9.8 (Critical) - cvssV3_0 - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
Multiple vulnerabilities in ELECOM wireless LAN routers and access points (May 2026)
Details
Multiple wireless LAN routers and access points provided by ELECOM CO.,LTD. contain multiple vulnerabilities listed below.
  • Use of Hard-coded Cryptographic Key in creating backup of configuration files (CWE-321) - CVE-2026-25107
  • OS command injection in processing of ping_ip_addr parameter (CWE-78) - CVE-2026-35506
  • Missing authentication when accepting in specific URLs (CWE-288) - CVE-2026-40621
  • OS command injection in processing of username parameter (CWE-78) - CVE-2026-42062
  • Stored cross-site scripting due to inadequate hostname parameter handling (CWE-79) - CVE-2026-42948
  • Missing Check for language parameter (CWE-754) - CVE-2026-42950
  • Inadequate CSRF protection (CWE-344) - CVE-2026-42961
The vulnerabilities are reported from the following people, and JPCERT/CC coordinated with the developer. CVE-2026-25107, CVE-2026-42950, CVE-2026-42961 Kentaro Ishii of GMO Cybersecurity by Ierae, Inc. reported these vulnerabilities to IPA. CVE-2026-42948 Sato Nobuhiro of Suzuki Motor Corporation, Futamata Keisuke of University Of Fukui, Takahashi Natsuki of Shizuoka University, Sasaki Miyu of Waseda University, and Tsuyoshi Tomita of Ministry of Defense reported this vulnerability to IPA. CVE-2026-35506, CVE-2026-40621, CVE-2026-42062 Chuya Hayakawa of 00One, Inc. reported these vulnerabilities to JPCERT/CC.
References
Impacted products
Show details on JVN DB website
To clipboard 

{
  "@rdf:about": "https://jvndb.jvn.jp/en/contents/2026/JVNDB-2026-000073.html",
  "dc:date": "2026-05-20T11:52+09:00",
  "dcterms:issued": "2026-05-12T15:16+09:00",
  "dcterms:modified": "2026-05-20T11:52+09:00",
  "description": "Multiple wireless LAN routers and access points provided by ELECOM CO.,LTD. contain multiple vulnerabilities listed below.\u003ca href=\u0027https://cwe.mitre.org/data/definitions/321.html\u0027 target=\u0027_blank\u0027\u003e\u003c/a\u003e\u003ca href=\u0027https://cwe.mitre.org/data/definitions/78.html\u0027 target=\u0027_blank\u0027\u003e\u003c/a\u003e\r\n\u003ca href=\u0027https://cwe.mitre.org/data/definitions/288.html\u0027 target=\u0027_blank\u0027\u003e\u003c/a\u003e\r\n\u003ca href=\u0027https://cwe.mitre.org/data/definitions/78.html\u0027 target=\u0027_blank\u0027\u003e\u003c/a\u003e\r\n\u003ca href=\u0027https://cwe.mitre.org/data/definitions/79.html\u0027 target=\u0027_blank\u0027\u003e\u003c/a\u003e\u003ca href=\u0027https://cwe.mitre.org/data/definitions/754.html\u0027 target=\u0027_blank\u0027\u003e\u003c/a\u003e\u003ca href=\u0027https://cwe.mitre.org/data/definitions/344.html\u0027 target=\u0027_blank\u0027\u003e\u003c/a\u003e\u003cul\u003e\u003cli\u003eUse of Hard-coded Cryptographic Key in creating backup of configuration files (CWE-321) - CVE-2026-25107\u003c/li\u003e\u003cli\u003eOS command injection in processing of ping_ip_addr parameter (CWE-78) - CVE-2026-35506\u003c/li\u003e\u003cli\u003eMissing authentication when accepting in specific URLs (CWE-288) - CVE-2026-40621\u003c/li\u003e\u003cli\u003eOS command injection in processing of username parameter (CWE-78) - CVE-2026-42062\u003c/li\u003e\u003cli\u003eStored cross-site scripting due to inadequate hostname parameter handling (CWE-79) - CVE-2026-42948\u003c/li\u003e\u003cli\u003eMissing Check for language parameter (CWE-754) - CVE-2026-42950\u003c/li\u003e\u003cli\u003eInadequate CSRF protection (CWE-344) - CVE-2026-42961\u003c/li\u003e\u003c/ul\u003eThe vulnerabilities are reported from the following people, and JPCERT/CC coordinated with the developer.\r\n\r\nCVE-2026-25107, CVE-2026-42950, CVE-2026-42961\r\nKentaro Ishii of GMO Cybersecurity by Ierae, Inc. reported these vulnerabilities to IPA.\r\n\r\nCVE-2026-42948\r\nSato Nobuhiro of Suzuki Motor Corporation, Futamata Keisuke of University Of Fukui, Takahashi Natsuki of Shizuoka University, Sasaki Miyu of Waseda University, and Tsuyoshi Tomita of Ministry of Defense reported this vulnerability to IPA.\r\n\r\nCVE-2026-35506, CVE-2026-40621, CVE-2026-42062\r\nChuya Hayakawa of 00One, Inc. reported these vulnerabilities to JPCERT/CC.",
  "link": "https://jvndb.jvn.jp/en/contents/2026/JVNDB-2026-000073.html",
  "sec:cpe": [
    {
      "#text": "cpe:/o:elecom:wab-be187-m",
      "@product": "WAB-BE187-M",
      "@vendor": "ELECOM CO.,LTD.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/o:elecom:wab-be36-m",
      "@product": "WAB-BE36-M",
      "@vendor": "ELECOM CO.,LTD.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/o:elecom:wab-be36-s",
      "@product": "WAB-BE36-S",
      "@vendor": "ELECOM CO.,LTD.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/o:elecom:wab-be72-m",
      "@product": "WAB-BE72-M",
      "@vendor": "ELECOM CO.,LTD.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/o:elecom:wrc-be65qsd-b",
      "@product": "WRC-BE65QSD-B",
      "@vendor": "ELECOM CO.,LTD.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/o:elecom:wrc-be72xsd-b",
      "@product": "WRC-BE72XSD-B",
      "@vendor": "ELECOM CO.,LTD.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/o:elecom:wrc-be72xsd-ba",
      "@product": "WRC-BE72XSD-BA",
      "@vendor": "ELECOM CO.,LTD.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/o:elecom:wrc-w702-b",
      "@product": "WRC-W702-B",
      "@vendor": "ELECOM CO.,LTD.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/o:elecom:wrc-x1800gs-b_firmware",
      "@product": "WRC-X1800GS-B",
      "@vendor": "ELECOM CO.,LTD.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/o:elecom:wrc-x1800gsa-b_firmware",
      "@product": "WRC-X1800GSA-B",
      "@vendor": "ELECOM CO.,LTD.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/o:elecom:wrc-x1800gsh-b_firmware",
      "@product": "WRC-X1800GSH-B",
      "@vendor": "ELECOM CO.,LTD.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/o:elecom:wrc-x3000gs2-b",
      "@product": "WRC-X3000GS2-B",
      "@vendor": "ELECOM CO.,LTD.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/o:elecom:wrc-x3000gs2-w",
      "@product": "WRC-X3000GS2-W",
      "@vendor": "ELECOM CO.,LTD.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/o:elecom:wrc-x3000gs2a-b",
      "@product": "WRC-X3000GS2A-B",
      "@vendor": "ELECOM CO.,LTD.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/o:elecom:wrc-x3000gst2-b",
      "@product": "WRC-X3000GST2-B",
      "@vendor": "ELECOM CO.,LTD.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/o:elecom:wrc-x6000qs-g",
      "@product": "WRC-X6000QS-G",
      "@vendor": "ELECOM CO.,LTD.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/o:elecom:wrc-x6000qsa-g",
      "@product": "WRC-X6000QSA-G",
      "@vendor": "ELECOM CO.,LTD.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/o:elecom:wrc-x6000xs-g_firmware",
      "@product": "WRC-X6000XS-G",
      "@vendor": "ELECOM CO.,LTD.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/o:elecom:wrc-x6000xst-g_firmware",
      "@product": "WRC-X6000XST-G",
      "@vendor": "ELECOM CO.,LTD.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/o:elecom:wrc-xe5400gs-g",
      "@product": "WRC-XE5400GS-G",
      "@vendor": "ELECOM CO.,LTD.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/o:elecom:wrc-xe5400gsa-g",
      "@product": "WRC-XE5400GSA-G",
      "@vendor": "ELECOM CO.,LTD.",
      "@version": "2.2"
    }
  ],
  "sec:cvss": {
    "@score": "9.8",
    "@severity": "Critical",
    "@type": "Base",
    "@vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
    "@version": "3.0"
  },
  "sec:identifier": "JVNDB-2026-000073",
  "sec:references": [
    {
      "#text": "https://jvn.jp/en/jp/JVN03037325/index.html",
      "@id": "JVN#03037325",
      "@source": "JVN"
    },
    {
      "#text": "https://www.cve.org/CVERecord?id=CVE-2026-25107",
      "@id": "CVE-2026-25107",
      "@source": "CVE"
    },
    {
      "#text": "https://www.cve.org/CVERecord?id=CVE-2026-35506",
      "@id": "CVE-2026-35506",
      "@source": "CVE"
    },
    {
      "#text": "https://www.cve.org/CVERecord?id=CVE-2026-40621",
      "@id": "CVE-2026-40621",
      "@source": "CVE"
    },
    {
      "#text": "https://www.cve.org/CVERecord?id=CVE-2026-42062",
      "@id": "CVE-2026-42062",
      "@source": "CVE"
    },
    {
      "#text": "https://www.cve.org/CVERecord?id=CVE-2026-42948",
      "@id": "CVE-2026-42948",
      "@source": "CVE"
    },
    {
      "#text": "https://www.cve.org/CVERecord?id=CVE-2026-42950",
      "@id": "CVE-2026-42950",
      "@source": "CVE"
    },
    {
      "#text": "https://www.cve.org/CVERecord?id=CVE-2026-42961",
      "@id": "CVE-2026-42961",
      "@source": "CVE"
    },
    {
      "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
      "@id": "CWE-78",
      "@title": "OS Command Injection(CWE-78)"
    },
    {
      "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
      "@id": "CWE-79",
      "@title": "Cross-site Scripting(CWE-79)"
    },
    {
      "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
      "@id": "CWE-Other",
      "@title": "No Mapping(CWE-Other)"
    }
  ],
  "title": "Multiple vulnerabilities in ELECOM wireless LAN routers and access points (May 2026)"
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.





Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.

Sightings

Author Source Type Date Other

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.


Detection rules are retrieved from Rulezet.