Missing Authentication for Critical Function vulnerability in Anritsu Remote Spectrum...

9.3 / 10

CRITICAL

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Description

The MS27102A Remote Spectrum Monitor is vulnerable to an authentication bypass that allows unauthorized users to access and manipulate its management interface. Because the device provides no mechanism to enable or configure authentication, the issue is inherent to its design rather than a deployment error.

Basic Information

ID CVE-2026-3356

Source icscert

Published Mar 31, 2026 at 18:40

Modified Apr 1, 2026 at 13:43

Affected Product

Vendor Anritsu

Product Remote Spectrum Monitor MS27100A

Version All versions

Affected Versions Anritsu Remote Spectrum Monitor MS27100A All versions
Anritsu Remote Spectrum Monitor MS27101A All versions
Anritsu Remote Spectrum Monitor MS27102A All versions
Anritsu Remote Spectrum Monitor MS27103A All versions

CWE Classification

CWE-306

References

www.cisa.gov /news-events/ics-advisories/icsa-26-090-01

{
    "lastseen": "",
    "description": "The MS27102A Remote Spectrum Monitor is vulnerable to an authentication bypass that allows unauthorized users to access and manipulate its management interface. Because the device provides no mechanism to enable or configure authentication, the issue is inherent to its design rather than a deployment error.",
    "published": "2026-03-31T18:40:17.359Z",
    "modified": "2026-04-01T13:43:44.724Z",
    "type": "cve",
    "title": "Missing Authentication for Critical Function vulnerability in Anritsu Remote Spectrum Monitor",
    "source": "icscert",
    "references": "https://www.cisa.gov/news-events/ics-advisories/icsa-26-090-01",
    "id": "CVE-2026-3356",
    "bulletinFamily": "",
    "cwe": [
        "CWE-306"
    ],
    "cvelist": null,
    "sourceData": "Anritsu Remote Spectrum Monitor MS27100A All versions\nAnritsu Remote Spectrum Monitor MS27101A All versions\nAnritsu Remote Spectrum Monitor MS27102A All versions\nAnritsu Remote Spectrum Monitor MS27103A All versions",
    "sourceHref": "",
    "cvss": {
        "score": 9.3,
        "severity": "CRITICAL",
        "vector": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
        "version": "4.0"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "Remote Spectrum Monitor MS27100A",
    "version": "All versions",
    "vendor": "Anritsu",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}

Missing Authentication for Critical Function vulnerability in Anritsu Remote Spectrum Monitor_CVE-2026-3356