CVE-2026-3356 | THREATINT

Description

The MS27102A Remote Spectrum Monitor is vulnerable to an authentication bypass that allows unauthorized users to access and manipulate its management interface. Because the device provides no mechanism to enable or configure authentication, the issue is inherent to its design rather than a deployment error.

PUBLISHED Reserved 2026-02-27 | Published 2026-03-31 | Updated 2026-04-01 | Assigner icscert

CRITICAL: 9.3CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Problem types

CWE-306 Missing authentication for critical function

Product status

Default status

unaffected

All versions (custom)

affected

Default status

unaffected

All versions (custom)

affected

Default status

unaffected

All versions (custom)

affected

Default status

unaffected

All versions (custom)

affected

Credits

Souvik Kandar reporter

References

www.cisa.gov/news-events/ics-advisories/icsa-26-090-01 government-resource

cve.org (CVE-2026-3356)

nvd.nist.gov (CVE-2026-3356)

Download JSON

help @ threatint.eu