8.8

CVE-2026-21411

Authentication bypass issue exists in OpenBlocks series versions prior to FW5.0.8, which may allow an attacker to bypass administrator authentication and change the password.
Daten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).
HerstellerPlat'Home Co.,Ltd.
Produkt OpenBlocks IoT DX1 (FW5.0.x)
Version all versions prior to FW5.0.8
Status affected
HerstellerPlat'Home Co.,Ltd.
Produkt OpenBlocks IoT EX/BX models (FW5.0.x)
Version all versions prior to FW5.0.8
Status affected
HerstellerPlat'Home Co.,Ltd.
Produkt OpenBlocks IX9 models with FW (FW5.0.x)
Version all versions prior to FW5.0.8
Status affected
HerstellerPlat'Home Co.,Ltd.
Produkt OpenBlocks IoT VX2 (FW5.0.x)
Version all versions prior to FW5.0.8
Status affected
HerstellerPlat'Home Co.,Ltd.
Produkt OpenBlocks IDM RX1 (FW5.0.x)
Version all versions prior to FW5.0.8
Status affected
HerstellerPlat'Home Co.,Ltd.
Produkt OpenBlocks IoT FX1 (FW5.0.x)
Version all versions prior to FW5.0.8
Status affected
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. Login Login
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.28% 0.194
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
vultures@jpcert.or.jp 8.7 0 0
CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
vultures@jpcert.or.jp 8.8 2.8 5.9
CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CWE-288 Authentication Bypass Using an Alternate Path or Channel

The product requires authentication, but the product has an alternate path or channel that does not require authentication.

https://www.plathome.co.jp/support/software/fw5/dx1-v5-0-8/
https://jvn.jp/en/vu/JVNVU97172240/