CVE-2026-42062_CVE-2026-42062

9.8 / 10

CRITICAL

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Description

ELECOM wireless LAN access point devices contain an OS command injection in processing of username parameter. If processing a crafted request, an arbitrary OS command may be executed. No authentication is required.

AI Analysis

OS command injection vulnerability in ELECOM wireless LAN access point devices, allowing execution of arbitrary OS commands without authentication.

Basic Information

ID CVE-2026-42062

Source jpcert

Published May 13, 2026 at 12:01

Affected Product

Vendor ELECOM CO.,LTD.

Product WRC-BE72XSD-B

Version v1.1.1 and earlier

Affected Versions ELECOM CO.,LTD. WRC-BE72XSD-B v1.1.1 and earlier
ELECOM CO.,LTD. WRC-BE72XSD-BA v1.1.1 and earlier
ELECOM CO.,LTD. WRC-BE65QSD-B v1.1.0 and earlier
ELECOM CO.,LTD. WRC-W702-B v1.1.0 and earlier

CWE Classification

CWE-78

AI Assessment

AI Score 9.8 / 10

AI Severity Critical

Vendor ELECOM CO.,LTD.

Product WRC-BE72XSD-B, WRC-BE72XSD-BA, WRC-BE65QSD-B, WRC-W702-B

Version v1.1.1 and earlier, v1.1.0 and earlier

References

{
    "lastseen": "",
    "description": "ELECOM wireless LAN access point devices contain an OS command injection in processing of username parameter. If processing a crafted request, an arbitrary OS command may be executed. No authentication is required.",
    "published": "2026-05-13T12:01:52.127Z",
    "modified": "2026-05-13T12:01:52.127Z",
    "type": "cve",
    "title": "CVE-2026-42062",
    "source": "jpcert",
    "references": "https://www.elecom.co.jp/news/security/20260512-01/\nhttps://jvn.jp/en/jp/JVN03037325/",
    "id": "CVE-2026-42062",
    "bulletinFamily": "",
    "cwe": [
        "CWE-78"
    ],
    "cvelist": null,
    "sourceData": "ELECOM CO.,LTD. WRC-BE72XSD-B v1.1.1 and earlier\nELECOM CO.,LTD. WRC-BE72XSD-BA v1.1.1 and earlier\nELECOM CO.,LTD. WRC-BE65QSD-B v1.1.0 and earlier\nELECOM CO.,LTD. WRC-W702-B v1.1.0 and earlier",
    "sourceHref": "",
    "cvss": {
        "score": 9.8,
        "severity": "CRITICAL",
        "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
        "version": "3.0"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "WRC-BE72XSD-B",
    "version": "v1.1.1 and earlier",
    "vendor": "ELECOM CO.,LTD.",
    "ai_description": "OS command injection vulnerability in ELECOM wireless LAN access point devices, allowing execution of arbitrary OS commands without authentication.",
    "ai_severity": "Critical",
    "ai_vendor": "ELECOM CO.,LTD.",
    "ai_product": "WRC-BE72XSD-B, WRC-BE72XSD-BA, WRC-BE65QSD-B, WRC-W702-B",
    "ai_version": "v1.1.1 and earlier, v1.1.0 and earlier",
    "ai_score": 9.8
}