CVE-2026-42948
4.8
CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
Summary
Stored cross-site scripting vulnerability exists in ELECOM wireless LAN access point devices. If one of the administrators input malicious data, an arbitrary script may be executed in another administrative user's web browser.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| ELECOM CO.,LTD. | WAB-BE187-M | v1.1.10 and earlier | affected |
| ELECOM CO.,LTD. | WAB-BE72-M | v1.1.3 and earlier | affected |
| ELECOM CO.,LTD. | WAB-BE36-M | v1.1.3 and earlier | affected |
| ELECOM CO.,LTD. | WAB-BE36-S | v1.1.3 and earlier | affected |
Weaknesses
- CWE-79: Cross-site scripting (XSS)
ADP Enrichment
CISA ADP Vulnrichment
- SSVC:
- Exploitation: none
- Automatable: no
- Technical Impact: partial
References
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.