CVE-2026-25107

MEDIUM CVSS 6.5 View on NVD ↗

Description

ELECOM wireless LAN access point devices use a hard-coded cryptographic key when creating backups of configuration files. An attacker who knows the encryption key can tamper the configuration file of the product, and a victim administrator may be tricked to use a crafted configuration file.

CVSS Vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N

References

https://jvn.jp/en/jp/JVN03037325/
https://www.elecom.co.jp/news/security/20260512-01/

Published: May 13, 2026 13:16 UTC Modified: May 13, 2026 15:47 UTC