CVE-2026-25107NVD

Vulnerability Summary

ELECOM wireless LAN access point devices use a hard-coded cryptographic key when creating backups of configuration files. An attacker who knows the encryption key can tamper the configuration file of the product, and a victim administrator may be tricked to use a crafted configuration file.

Severity Level

MEDIUM(6.5)

Published Date

May 13, 2026

Last Modified

May 13, 2026

Exploitation Status

????

EPSS Score (30-Day)

0.02%Probability

Root Weakness (CWE)

N/A

CVSS v3.0 Base Metrics

Attack VectorNetwork

Attack ComplexityLow

Privileges RequiredNone

User InteractionRequired

ScopeUnchanged

ConfidentialityNone

IntegrityHigh

AvailabilityNone

External References

https://www.elecom.co.jp/news/security/20260512-01/
https://jvn.jp/en/jp/JVN03037325/

Critical Alert 1 Active Exploit Detected Today

CVE Watchtower

CVE-2026-25107NVD

Vulnerability Summary

External References