CVE-2026-25107

Summary

ELECOM wireless LAN access point devices use a hard-coded cryptographic key when creating backups of configuration files. An attacker who knows the encryption key can tamper the configuration file of the product, and a victim administrator may be tricked to use a crafted configuration file.

Affected Software

VendorProductVersion RangeStatus
ELECOM CO.,LTD.WRC-X1800GS-Bv1.19 and earlieraffected
ELECOM CO.,LTD.WRC-X3000GS2-Bv1.09 and earlieraffected
ELECOM CO.,LTD.WRC-X3000GS2-Wv1.09 and earlieraffected
ELECOM CO.,LTD.WRC-X3000GS2A-Bv1.09 and earlieraffected
ELECOM CO.,LTD.WRC-X3000GST2-Bv1.06 and earlieraffected
ELECOM CO.,LTD.WRC-X1800GSA-Bv1.19 and earlieraffected
ELECOM CO.,LTD.WRC-X1800GSH-Bv1.19 and earlieraffected
ELECOM CO.,LTD.WRC-X6000QS-Gv1.14 and earlieraffected
ELECOM CO.,LTD.WRC-X6000QSA-Gv1.14 and earlieraffected
ELECOM CO.,LTD.WRC-X6000XS-Gv1.12 and earlieraffected
ELECOM CO.,LTD.WRC-X6000XST-Gv1.16 and earlieraffected
ELECOM CO.,LTD.WRC-XE5400GS-G1.13 and earlieraffected
ELECOM CO.,LTD.WRC-XE5400GSA-Gv1.13 and earlieraffected

Weaknesses

  • CWE-321: Use of hard-coded cryptographic key

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References