CVE-2026-25107 PUBLISHED

Assigner: jpcert
Reserved: 07.05.2026 Published: 13.05.2026 Updated: 13.05.2026

ELECOM wireless LAN access point devices use a hard-coded cryptographic key when creating backups of configuration files. An attacker who knows the encryption key can tamper the configuration file of the product, and a victim administrator may be tricked to use a crafted configuration file.

Metrics

CVSS Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
CVSS Score: 6.9

Product Status

Vendor ELECOM CO.,LTD.
Product WRC-X1800GS-B
Versions
  • Version v1.19 and earlier is affected
Vendor ELECOM CO.,LTD.
Product WRC-X3000GS2-B
Versions
  • Version v1.09 and earlier is affected
Vendor ELECOM CO.,LTD.
Product WRC-X3000GS2-W
Versions
  • Version v1.09 and earlier is affected
Vendor ELECOM CO.,LTD.
Product WRC-X3000GS2A-B
Versions
  • Version v1.09 and earlier is affected
Vendor ELECOM CO.,LTD.
Product WRC-X3000GST2-B
Versions
  • Version v1.06 and earlier is affected
Vendor ELECOM CO.,LTD.
Product WRC-X1800GSA-B
Versions
  • Version v1.19 and earlier is affected
Vendor ELECOM CO.,LTD.
Product WRC-X1800GSH-B
Versions
  • Version v1.19 and earlier is affected
Vendor ELECOM CO.,LTD.
Product WRC-X6000QS-G
Versions
  • Version v1.14 and earlier is affected
Vendor ELECOM CO.,LTD.
Product WRC-X6000QSA-G
Versions
  • Version v1.14 and earlier is affected
Vendor ELECOM CO.,LTD.
Product WRC-X6000XS-G
Versions
  • Version v1.12 and earlier is affected
Vendor ELECOM CO.,LTD.
Product WRC-X6000XST-G
Versions
  • Version v1.16 and earlier is affected
Vendor ELECOM CO.,LTD.
Product WRC-XE5400GS-G
Versions
  • Version 1.13 and earlier is affected
Vendor ELECOM CO.,LTD.
Product WRC-XE5400GSA-G
Versions
  • Version v1.13 and earlier is affected

References

Problem Types