6.9
CVE-2026-25107
- EPSS 0.12%
- Veröffentlicht 13.05.2026 12:01:20
- Zuletzt bearbeitet 13.05.2026 15:47:10
- Quelle vultures@jpcert.or.jp
- CVE-Watchlists
- Unerledigt
ELECOM wireless LAN access point devices use a hard-coded cryptographic key when creating backups of configuration files. An attacker who knows the encryption key can tamper the configuration file of the product, and a victim administrator may be tricked to use a crafted configuration file.
Daten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).
HerstellerELECOM CO.,LTD.
≫
Produkt
WRC-X1800GS-B
Version
v1.19 and earlier
Status
affected
HerstellerELECOM CO.,LTD.
≫
Produkt
WRC-X3000GS2-B
Version
v1.09 and earlier
Status
affected
HerstellerELECOM CO.,LTD.
≫
Produkt
WRC-X3000GS2-W
Version
v1.09 and earlier
Status
affected
HerstellerELECOM CO.,LTD.
≫
Produkt
WRC-X3000GS2A-B
Version
v1.09 and earlier
Status
affected
HerstellerELECOM CO.,LTD.
≫
Produkt
WRC-X3000GST2-B
Version
v1.06 and earlier
Status
affected
HerstellerELECOM CO.,LTD.
≫
Produkt
WRC-X1800GSA-B
Version
v1.19 and earlier
Status
affected
HerstellerELECOM CO.,LTD.
≫
Produkt
WRC-X1800GSH-B
Version
v1.19 and earlier
Status
affected
HerstellerELECOM CO.,LTD.
≫
Produkt
WRC-X6000QS-G
Version
v1.14 and earlier
Status
affected
HerstellerELECOM CO.,LTD.
≫
Produkt
WRC-X6000QSA-G
Version
v1.14 and earlier
Status
affected
HerstellerELECOM CO.,LTD.
≫
Produkt
WRC-X6000XS-G
Version
v1.12 and earlier
Status
affected
HerstellerELECOM CO.,LTD.
≫
Produkt
WRC-X6000XST-G
Version
v1.16 and earlier
Status
affected
HerstellerELECOM CO.,LTD.
≫
Produkt
WRC-XE5400GS-G
Version
1.13 and earlier
Status
affected
HerstellerELECOM CO.,LTD.
≫
Produkt
WRC-XE5400GSA-G
Version
v1.13 and earlier
Status
affected
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. 
Login
Login| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.12% | 0.025 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| vultures@jpcert.or.jp | 6.9 | 0 | 0 |
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
|
| vultures@jpcert.or.jp | 6.5 | 2.8 | 3.6 |
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
|
CWE-321 Use of Hard-coded Cryptographic Key
The use of a hard-coded cryptographic key significantly increases the possibility that encrypted data may be recovered.
https://www.elecom.co.jp/news/security/20260512-01/
https://jvn.jp/en/jp/JVN03037325/