CVE-2026-32326 | THREATINT

Description

SHARP routers do not perform authentication for some web APIs. The device information may be retrieved without authentication. If the administrative password of the device is left as the initial one, the device may be taken over.

PUBLISHED Reserved 2026-03-12 | Published 2026-03-25 | Updated 2026-03-25 | Assigner jpcert

MEDIUM: 5.7CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

MEDIUM: 6.9CVSS:4.0/AV:A/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

Problem types

Missing authentication for critical function

Product status

38JP_0_490 and earlier

affected

S5.A1.00 and earlier

affected

38JP_2_03J and earlier

affected

S3.87.15 and earlierr

affected

S6.64.00 and earlier

affected

S4.48.00 and earlier

affected

S7.41.00 and earlier

affected

3RJP_2_03I and earlier

affected

References

global.sharp/...nfo/product-security/advisory-list/2026-002/

jvn.jp/en/jp/JVN49524110/

cve.org (CVE-2026-32326)

nvd.nist.gov (CVE-2026-32326)

Download JSON