CVE-2026-40621

Summary

ELECOM wireless LAN access point devices do not require authentication to access some specific URLs. The affected product may be operated without authentication.

Affected Software

VendorProductVersion RangeStatus
ELECOM CO.,LTD.WRC-BE72XSD-Bv1.1.1 and earlieraffected
ELECOM CO.,LTD.WRC-BE72XSD-BAv1.1.1 and earlieraffected
ELECOM CO.,LTD.WRC-BE65QSD-Bv1.1.0 and earlieraffected
ELECOM CO.,LTD.WRC-W702-Bv1.1.0 and earlieraffected

Weaknesses

  • CWE-288: Authentication Bypass Using an Alternate Path or Channel

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: yes
    • Technical Impact: total

References