CVE 8.8 HIGH

CVE-2026-21411_CVE-2026-21411

January 6, 2026 invoker category_cve

8.8 / 10

HIGH

CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Description

Authentication bypass issue exists in OpenBlocks series versions prior to FW5.0.8, which may allow an attacker to bypass administrator authentication and change the password.

AI Analysis

Authentication bypass vulnerability in OpenBlocks series prior to FW5.0.8, allowing attackers to bypass administrator authentication and change passwords.

Basic Information

ID CVE-2026-21411

Source jpcert

Published Jan 6, 2026 at 06:34

Affected Product

Vendor Plat'Home Co.,Ltd.

Product OpenBlocks IoT DX1 (FW5.0.x)

Version all versions prior to FW5.0.8

Affected Versions Plat'Home Co.,Ltd. OpenBlocks IoT DX1 (FW5.0.x) all versions prior to FW5.0.8
Plat'Home Co.,Ltd. OpenBlocks IoT EX/BX models (FW5.0.x) all versions prior to FW5.0.8
Plat'Home Co.,Ltd. OpenBlocks IX9 models with FW (FW5.0.x) all versions prior to FW5.0.8
Plat'Home Co.,Ltd. OpenBlocks IoT VX2 (FW5.0.x) all versions prior to FW5.0.8
Plat'Home Co.,Ltd. OpenBlocks IDM RX1 (FW5.0.x) all versions prior to FW5.0.8
Plat'Home Co.,Ltd. OpenBlocks IoT FX1 (FW5.0.x) all versions prior to FW5.0.8

CWE Classification

CWE-288

AI Assessment

AI Score 8.8 / 10

AI Severity High

Vendor Plat'Home Co.,Ltd.

Product OpenBlocks IoT DX1

Version all versions prior to FW5.0.8

References

{
    "lastseen": "",
    "description": "Authentication bypass issue exists in OpenBlocks series versions prior to FW5.0.8, which may allow an attacker to bypass administrator authentication and change the password.",
    "published": "2026-01-06T06:34:11.329Z",
    "modified": "2026-01-06T06:34:11.329Z",
    "type": "cve",
    "title": "CVE-2026-21411",
    "source": "jpcert",
    "references": "https://www.plathome.co.jp/support/software/fw5/dx1-v5-0-8/\nhttps://jvn.jp/en/vu/JVNVU97172240/",
    "id": "CVE-2026-21411",
    "bulletinFamily": "",
    "cwe": [
        "CWE-288"
    ],
    "cvelist": null,
    "sourceData": "Plat'Home Co.,Ltd. OpenBlocks IoT DX1 (FW5.0.x) all versions prior to FW5.0.8\nPlat'Home Co.,Ltd. OpenBlocks IoT EX/BX models (FW5.0.x) all versions prior to FW5.0.8\nPlat'Home Co.,Ltd. OpenBlocks IX9 models with FW (FW5.0.x) all versions prior to FW5.0.8\nPlat'Home Co.,Ltd. OpenBlocks IoT VX2 (FW5.0.x) all versions prior to FW5.0.8\nPlat'Home Co.,Ltd. OpenBlocks IDM RX1 (FW5.0.x) all versions prior to FW5.0.8\nPlat'Home Co.,Ltd. OpenBlocks IoT FX1 (FW5.0.x) all versions prior to FW5.0.8",
    "sourceHref": "",
    "cvss": {
        "score": 8.8,
        "severity": "HIGH",
        "vector": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
        "version": "3.0"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "OpenBlocks IoT DX1 (FW5.0.x)",
    "version": "all versions prior to FW5.0.8",
    "vendor": "Plat'Home Co.,Ltd.",
    "ai_description": "Authentication bypass vulnerability in OpenBlocks series prior to FW5.0.8, allowing attackers to bypass administrator authentication and change passwords.",
    "ai_severity": "High",
    "ai_vendor": "Plat'Home Co.,Ltd.",
    "ai_product": "OpenBlocks IoT DX1",
    "ai_version": "all versions prior to FW5.0.8",
    "ai_score": 8.8
}

💭 Join the Security Discussion ❌ Cancel Reply