CVE-2026-42961

Summary

ELECOM wireless LAN access point devices implement CSRF protection mechanism, but with inadequate handling of CSRF tokens. If a user views a malicious page while logged in, the user may be tricked to do unintended operations.

Affected Software

VendorProductVersion RangeStatus
ELECOM CO.,LTD.WAB-BE187-Mv1.1.10 and earlieraffected
ELECOM CO.,LTD.WAB-BE72-Mv1.1.3 and earlieraffected
ELECOM CO.,LTD.WAB-BE36-Mv1.1.3 and earlieraffected
ELECOM CO.,LTD.WAB-BE36-Sv1.1.3 and earlieraffected

Weaknesses

  • CWE-344: Use of Invariant Value in Dynamically Changing Context

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References