CVE-2026-3356

Summary

The MS27102A Remote Spectrum Monitor is vulnerable to an authentication bypass that allows unauthorized users to access and manipulate its management interface. Because the device provides no mechanism to enable or configure authentication, the issue is inherent to its design rather than a deployment error.

Affected Software

VendorProductVersion RangeStatus
AnritsuRemote Spectrum Monitor MS27100AAll versionsaffected
AnritsuRemote Spectrum Monitor MS27101AAll versionsaffected
AnritsuRemote Spectrum Monitor MS27102AAll versionsaffected
AnritsuRemote Spectrum Monitor MS27103AAll versionsaffected

Weaknesses

  • CWE-306: CWE-306 Missing authentication for critical function

Workarounds

Anritsu has no plans to fix this issue. Anritsu recommends that users deploy Remote Spectrum Monitor within secure network environments to mitigate potential risks.

Users can contact Anritsu Technical Support (1-800-267-4878) for more information.

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: yes
    • Technical Impact: total

References