CRITICALCVE-2026-42062Published Modified CNA jpcert
CVE-2026-42062: ELECOM wireless LAN access point devices contain an OS command injection in processing of username parameter
ELECOM wireless LAN access point devices contain an OS command injection in processing of username parameter. If processing a crafted request, an arbitrary OS command may be executed. No authentication is required.
Metrics
- CVSS v4.0
- 9.3
- Severity
- CRITICAL
- Fixed in
- —
- Affected Products
- 4
Affected packages
- ELECOM CO.,LTD. / WRC-BE72XSD-Bv1.1.1 and earlier
- ELECOM CO.,LTD. / WRC-BE72XSD-BAv1.1.1 and earlier
- ELECOM CO.,LTD. / WRC-BE65QSD-Bv1.1.0 and earlier
- ELECOM CO.,LTD. / WRC-W702-Bv1.1.0 and earlier
CVSS Vector
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:NReferences