CVE-2026-40621_CVE-2026-40621

9.8 / 10

CRITICAL

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Description

ELECOM wireless LAN access point devices do not require authentication to access some specific URLs. The affected product may be operated without authentication.

AI Analysis

Unauthenticated access to specific URLs in ELECOM wireless LAN access point devices

Basic Information

ID CVE-2026-40621

Source jpcert

Published May 13, 2026 at 12:01

Affected Product

Vendor ELECOM CO.,LTD.

Product WRC-BE72XSD-B

Version v1.1.1 and earlier

Affected Versions ELECOM CO.,LTD. WRC-BE72XSD-B v1.1.1 and earlier
ELECOM CO.,LTD. WRC-BE72XSD-BA v1.1.1 and earlier
ELECOM CO.,LTD. WRC-BE65QSD-B v1.1.0 and earlier
ELECOM CO.,LTD. WRC-W702-B v1.1.0 and earlier

CWE Classification

CWE-288

AI Assessment

AI Score 9.8 / 10

AI Severity Critical

Vendor ELECOM CO.,LTD.

Product WRC-BE72XSD-B, WRC-BE72XSD-BA, WRC-BE65QSD-B, WRC-W702-B

Version v1.1.1 and earlier, v1.1.0 and earlier

References

{
    "lastseen": "",
    "description": "ELECOM wireless LAN access point devices do not require authentication to access some specific URLs. The affected product may be operated without authentication.",
    "published": "2026-05-13T12:01:41.873Z",
    "modified": "2026-05-13T12:01:41.873Z",
    "type": "cve",
    "title": "CVE-2026-40621",
    "source": "jpcert",
    "references": "https://www.elecom.co.jp/news/security/20260512-01/\nhttps://jvn.jp/en/jp/JVN03037325/",
    "id": "CVE-2026-40621",
    "bulletinFamily": "",
    "cwe": [
        "CWE-288"
    ],
    "cvelist": null,
    "sourceData": "ELECOM CO.,LTD. WRC-BE72XSD-B v1.1.1 and earlier\nELECOM CO.,LTD. WRC-BE72XSD-BA v1.1.1 and earlier\nELECOM CO.,LTD. WRC-BE65QSD-B v1.1.0 and earlier\nELECOM CO.,LTD. WRC-W702-B v1.1.0 and earlier",
    "sourceHref": "",
    "cvss": {
        "score": 9.8,
        "severity": "CRITICAL",
        "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
        "version": "3.0"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "WRC-BE72XSD-B",
    "version": "v1.1.1 and earlier",
    "vendor": "ELECOM CO.,LTD.",
    "ai_description": "Unauthenticated access to specific URLs in ELECOM wireless LAN access point devices",
    "ai_severity": "Critical",
    "ai_vendor": "ELECOM CO.,LTD.",
    "ai_product": "WRC-BE72XSD-B, WRC-BE72XSD-BA, WRC-BE65QSD-B, WRC-W702-B",
    "ai_version": "v1.1.1 and earlier, v1.1.0 and earlier",
    "ai_score": 9.8
}