CVE-2026-25107 | THREATINT

Description

ELECOM wireless LAN access point devices use a hard-coded cryptographic key when creating backups of configuration files. An attacker who knows the encryption key can tamper the configuration file of the product, and a victim administrator may be tricked to use a crafted configuration file.

PUBLISHED Reserved 2026-05-07 | Published 2026-05-13 | Updated 2026-05-13 | Assigner jpcert

MEDIUM: 6.5CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N

MEDIUM: 6.9CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N

Problem types

Use of hard-coded cryptographic key

Product status

v1.19 and earlier

affected

v1.09 and earlier

affected

v1.09 and earlier

affected

v1.09 and earlier

affected

v1.06 and earlier

affected

v1.19 and earlier

affected

v1.19 and earlier

affected

v1.14 and earlier

affected

v1.14 and earlier

affected

v1.12 and earlier

affected

v1.16 and earlier

affected

1.13 and earlier

affected

v1.13 and earlier

affected

References

www.elecom.co.jp/news/security/20260512-01/

jvn.jp/en/jp/JVN03037325/

cve.org (CVE-2026-25107)

nvd.nist.gov (CVE-2026-25107)

Download JSON