CVE-2026-42948

Summary

Stored cross-site scripting vulnerability exists in ELECOM wireless LAN access point devices. If one of the administrators input malicious data, an arbitrary script may be executed in another administrative user's web browser.

Affected Software

VendorProductVersion RangeStatus
ELECOM CO.,LTD.WAB-BE187-Mv1.1.10 and earlieraffected
ELECOM CO.,LTD.WAB-BE72-Mv1.1.3 and earlieraffected
ELECOM CO.,LTD.WAB-BE36-Mv1.1.3 and earlieraffected
ELECOM CO.,LTD.WAB-BE36-Sv1.1.3 and earlieraffected

Weaknesses

  • CWE-79: Cross-site scripting (XSS)

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References