CVE-2026-3356
9.3
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
Summary
The MS27102A Remote Spectrum Monitor is vulnerable to an authentication bypass that allows unauthorized users to access and manipulate its management interface. Because the device provides no mechanism to enable or configure authentication, the issue is inherent to its design rather than a deployment error.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Anritsu | Remote Spectrum Monitor MS27100A | All versions | affected |
| Anritsu | Remote Spectrum Monitor MS27101A | All versions | affected |
| Anritsu | Remote Spectrum Monitor MS27102A | All versions | affected |
| Anritsu | Remote Spectrum Monitor MS27103A | All versions | affected |
Weaknesses
- CWE-306: CWE-306 Missing authentication for critical function
Workarounds
Anritsu has no plans to fix this issue. Anritsu recommends that users deploy Remote Spectrum Monitor within secure network environments to mitigate potential risks.
Users can contact Anritsu Technical Support (1-800-267-4878) for more information.
ADP Enrichment
CISA ADP Vulnrichment
- SSVC:
- Exploitation: none
- Automatable: yes
- Technical Impact: total
References
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.