CVE-2026-25107

🗓️ 13 May 2026 12:01:20Reported by jpcertType

CVE-2026-25107: ELECOM wireless LAN access points use a hard-coded key for backups, enabling config tampering.

Reporter	Title	Published	Views	Family All 10
ATTACKERKB	CVE-2026-25107	13 May 202612:01	–	attackerkb
Circl	CVE-2026-25107	11 May 202622:00	–	circl
CNNVD	ELECOM WRC和ELECOM WAB 安全漏洞	13 May 202600:00	–	cnnvd
Cvelist	CVE-2026-25107	13 May 202612:01	–	cvelist
EUVD	EUVD-2026-29935	13 May 202618:30	–	euvd
Japan Vulnerability Notes	Multiple vulnerabilities in ELECOM wireless LAN routers and access points (May 2026)	12 May 202606:16	–	jvn
NVD	CVE-2026-25107	13 May 202613:16	–	nvd
Positive Technologies	PT-2026-40593	13 May 202600:00	–	ptsecurity
RedhatCVE	CVE-2026-25107	5 Jun 202619:40	–	redhatcve
Vulnrichment	CVE-2026-25107	13 May 202612:01	–	vulnrichment

Vulners

Node

elecom wrc-x1800gs-bMatch1.19

elecom wrc-x3000gs2-bMatch1.09

elecom wrc-x3000gs2-wMatch1.09

elecom wrc-x3000gs2a-bMatch1.09

elecom wrc-x3000gst2-bMatch1.06

elecom wrc-x1800gsa-bMatch1.19

elecom wrc-x1800gsh-bMatch1.19

elecom wrc-x6000qs-gMatch1.14

elecom wrc-x6000qsa-gMatch1.14

elecom wrc-x6000xs-gMatch1.12

elecom wrc-x6000xst-gMatch1.16

elecom wrc-xe5400gs-gMatch1.13

elecom wrc-xe5400gsa-gMatch1.13

[
  {
    "vendor": "ELECOM CO.,LTD.",
    "product": "WRC-X1800GS-B",
    "versions": [
      {
        "version": "v1.19 and earlier",
        "status": "affected"
      }
    ]
  },
  {
    "vendor": "ELECOM CO.,LTD.",
    "product": "WRC-X3000GS2-B",
    "versions": [
      {
        "version": "v1.09 and earlier",
        "status": "affected"
      }
    ]
  },
  {
    "vendor": "ELECOM CO.,LTD.",
    "product": "WRC-X3000GS2-W",
    "versions": [
      {
        "version": "v1.09 and earlier",
        "status": "affected"
      }
    ]
  },
  {
    "vendor": "ELECOM CO.,LTD.",
    "product": "WRC-X3000GS2A-B",
    "versions": [
      {
        "version": "v1.09 and earlier",
        "status": "affected"
      }
    ]
  },
  {
    "vendor": "ELECOM CO.,LTD.",
    "product": "WRC-X3000GST2-B",
    "versions": [
      {
        "version": "v1.06 and earlier",
        "status": "affected"
      }
    ]
  },
  {
    "vendor": "ELECOM CO.,LTD.",
    "product": "WRC-X1800GSA-B",
    "versions": [
      {
        "version": "v1.19 and earlier",
        "status": "affected"
      }
    ]
  },
  {
    "vendor": "ELECOM CO.,LTD.",
    "product": "WRC-X1800GSH-B",
    "versions": [
      {
        "version": "v1.19 and earlier",
        "status": "affected"
      }
    ]
  },
  {
    "vendor": "ELECOM CO.,LTD.",
    "product": "WRC-X6000QS-G",
    "versions": [
      {
        "version": "v1.14 and earlier",
        "status": "affected"
      }
    ]
  },
  {
    "vendor": "ELECOM CO.,LTD.",
    "product": "WRC-X6000QSA-G",
    "versions": [
      {
        "version": "v1.14 and earlier",
        "status": "affected"
      }
    ]
  },
  {
    "vendor": "ELECOM CO.,LTD.",
    "product": "WRC-X6000XS-G",
    "versions": [
      {
        "version": "v1.12 and earlier",
        "status": "affected"
      }
    ]
  },
  {
    "vendor": "ELECOM CO.,LTD.",
    "product": "WRC-X6000XST-G",
    "versions": [
      {
        "version": "v1.16 and earlier",
        "status": "affected"
      }
    ]
  },
  {
    "vendor": "ELECOM CO.,LTD.",
    "product": "WRC-XE5400GS-G",
    "versions": [
      {
        "version": "1.13 and earlier",
        "status": "affected"
      }
    ]
  },
  {
    "vendor": "ELECOM CO.,LTD.",
    "product": "WRC-XE5400GSA-G",
    "versions": [
      {
        "version": "v1.13 and earlier",
        "status": "affected"
      }
    ]
  }
]

Source	Link
jvn	www.jvn.jp/en/jp/JVN03037325/
elecom	www.elecom.co.jp/news/security/20260512-01/

13 May 2026 15:47Current

6.6Medium risk

Vulners AI Score6.6

CVSS 36.5

CVSS 46.9

EPSS0.00019

SSVC

CWE-321