CVE-2026-42961

MEDIUM CVSS 4.3 View on NVD ↗

Description

ELECOM wireless LAN access point devices implement CSRF protection mechanism, but with inadequate handling of CSRF tokens. If a user views a malicious page while logged in, the user may be tricked to do unintended operations.

CVSS Vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

References

https://jvn.jp/en/jp/JVN03037325/
https://www.elecom.co.jp/news/security/20260512-01/

Published: May 13, 2026 13:16 UTC Modified: May 13, 2026 15:47 UTC