CVE-2026-42948_CVE-2026-42948

4.8 / 10

MEDIUM

CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N

Description

Stored cross-site scripting vulnerability exists in ELECOM wireless LAN access point devices. If one of the administrators input malicious data, an arbitrary script may be executed in another administrative user's web browser.

Basic Information

ID CVE-2026-42948

Source jpcert

Published May 13, 2026 at 12:02

Affected Product

Vendor ELECOM CO.,LTD.

Product WAB-BE187-M

Version v1.1.10 and earlier

Affected Versions ELECOM CO.,LTD. WAB-BE187-M v1.1.10 and earlier
ELECOM CO.,LTD. WAB-BE72-M v1.1.3 and earlier
ELECOM CO.,LTD. WAB-BE36-M v1.1.3 and earlier
ELECOM CO.,LTD. WAB-BE36-S v1.1.3 and earlier

CWE Classification

CWE-79

References

{
    "lastseen": "",
    "description": "Stored cross-site scripting vulnerability exists in ELECOM wireless LAN access point devices. If one of the administrators input malicious data, an arbitrary script may be executed in another administrative user's web browser.",
    "published": "2026-05-13T12:02:03.914Z",
    "modified": "2026-05-13T12:02:03.914Z",
    "type": "cve",
    "title": "CVE-2026-42948",
    "source": "jpcert",
    "references": "https://www.elecom.co.jp/news/security/20260512-01/\nhttps://jvn.jp/en/jp/JVN03037325/",
    "id": "CVE-2026-42948",
    "bulletinFamily": "",
    "cwe": [
        "CWE-79"
    ],
    "cvelist": null,
    "sourceData": "ELECOM CO.,LTD. WAB-BE187-M v1.1.10 and earlier\nELECOM CO.,LTD. WAB-BE72-M v1.1.3 and earlier\nELECOM CO.,LTD. WAB-BE36-M v1.1.3 and earlier\nELECOM CO.,LTD. WAB-BE36-S v1.1.3 and earlier",
    "sourceHref": "",
    "cvss": {
        "score": 4.8,
        "severity": "MEDIUM",
        "vector": "CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
        "version": "3.0"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "WAB-BE187-M",
    "version": "v1.1.10 and earlier",
    "vendor": "ELECOM CO.,LTD.",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}