CVE-2026-25107
6.5
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
Summary
ELECOM wireless LAN access point devices use a hard-coded cryptographic key when creating backups of configuration files. An attacker who knows the encryption key can tamper the configuration file of the product, and a victim administrator may be tricked to use a crafted configuration file.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| ELECOM CO.,LTD. | WRC-X1800GS-B | v1.19 and earlier | affected |
| ELECOM CO.,LTD. | WRC-X3000GS2-B | v1.09 and earlier | affected |
| ELECOM CO.,LTD. | WRC-X3000GS2-W | v1.09 and earlier | affected |
| ELECOM CO.,LTD. | WRC-X3000GS2A-B | v1.09 and earlier | affected |
| ELECOM CO.,LTD. | WRC-X3000GST2-B | v1.06 and earlier | affected |
| ELECOM CO.,LTD. | WRC-X1800GSA-B | v1.19 and earlier | affected |
| ELECOM CO.,LTD. | WRC-X1800GSH-B | v1.19 and earlier | affected |
| ELECOM CO.,LTD. | WRC-X6000QS-G | v1.14 and earlier | affected |
| ELECOM CO.,LTD. | WRC-X6000QSA-G | v1.14 and earlier | affected |
| ELECOM CO.,LTD. | WRC-X6000XS-G | v1.12 and earlier | affected |
| ELECOM CO.,LTD. | WRC-X6000XST-G | v1.16 and earlier | affected |
| ELECOM CO.,LTD. | WRC-XE5400GS-G | 1.13 and earlier | affected |
| ELECOM CO.,LTD. | WRC-XE5400GSA-G | v1.13 and earlier | affected |
Weaknesses
- CWE-321: Use of hard-coded cryptographic key
ADP Enrichment
CISA ADP Vulnrichment
- SSVC:
- Exploitation: none
- Automatable: no
- Technical Impact: partial
References
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.