CVE-2026-42948

MEDIUM CVSS 4.8 View on NVD ↗

Description

Stored cross-site scripting vulnerability exists in ELECOM wireless LAN access point devices. If one of the administrators input malicious data, an arbitrary script may be executed in another administrative user's web browser.

CVSS Vector

CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N

References

https://jvn.jp/en/jp/JVN03037325/
https://www.elecom.co.jp/news/security/20260512-01/

Published: May 13, 2026 13:16 UTC Modified: May 13, 2026 15:47 UTC