CVE-2026-32326

Summary

SHARP routers do not perform authentication for some web APIs. The device information may be retrieved without authentication. If the administrative password of the device is left as the initial one, the device may be taken over.

Affected Software

VendorProductVersion RangeStatus
Sharp Corporationhome 5G HR0138JP_0_490 and earlieraffected
Sharp Corporationhome 5G HR02S5.A1.00 and earlieraffected
Sharp CorporationWi-Fi STATION SH-52A38JP_2_03J and earlieraffected
Sharp CorporationWi-Fi STATION SH-52BS3.87.15 and earlierraffected
Sharp CorporationWi-Fi STATION SH-54CS6.64.00 and earlieraffected
Sharp Corporation5G Mobile Router SH-U01S4.48.00 and earlieraffected
Sharp CorporationPocket WiFi 5G A503SHS7.41.00 and earlieraffected
Sharp CorporationSpeed Wi-Fi 5G X013RJP_2_03I and earlieraffected

Weaknesses

  • CWE-306: Missing authentication for critical function

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References