CRITICALCVE-2026-40621Published 2026-05-13Modified 2026-05-13CNA jpcert

CVE-2026-40621: ELECOM wireless LAN access point devices do not require authentication to access some specific URLs

ELECOM wireless LAN access point devices do not require authentication to access some specific URLs. The affected product may be operated without authentication.

CVSS v4.0: 9.3
Severity: CRITICAL
Fixed in: —
Affected Products: 4

Affected packages

ELECOM CO.,LTD. / WRC-BE72XSD-B
v1.1.1 and earlier
ELECOM CO.,LTD. / WRC-BE72XSD-BA
v1.1.1 and earlier
ELECOM CO.,LTD. / WRC-BE65QSD-B
v1.1.0 and earlier
ELECOM CO.,LTD. / WRC-W702-B
v1.1.0 and earlier

CVSS Vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

References

elecom.co.jp
jvn.jp

Metrics