CVE-2026-42948 | THREATINT

Description

Stored cross-site scripting vulnerability exists in ELECOM wireless LAN access point devices. If one of the administrators input malicious data, an arbitrary script may be executed in another administrative user's web browser.

PUBLISHED Reserved 2026-05-07 | Published 2026-05-13 | Updated 2026-05-13 | Assigner jpcert

MEDIUM: 4.8CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N

MEDIUM: 4.8CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N

Problem types

Cross-site scripting (XSS)

Product status

v1.1.10 and earlier

affected

v1.1.3 and earlier

affected

v1.1.3 and earlier

affected

v1.1.3 and earlier

affected

References

www.elecom.co.jp/news/security/20260512-01/

jvn.jp/en/jp/JVN03037325/

cve.org (CVE-2026-42948)

nvd.nist.gov (CVE-2026-42948)

Download JSON