CVE Catalog

CVE-2026-42062

Critical
Published: Translated: NVD NIST

Summary

ELECOM wireless LAN access point devices contain an OS command injection in processing of the username parameter. If processing a crafted request, an arbitrary OS command may be executed.

Risk Assessment

No authentication is required, allowing an attacker to remotely execute arbitrary commands, posing a significant security threat.

Recommendation

It is recommended to update the firmware of ELECOM devices and implement appropriate security measures to mitigate the risk of attacks.

Original NVD description (English source)

ELECOM wireless LAN access point devices contain an OS command injection in processing of username parameter. If processing a crafted request, an arbitrary OS command may be executed. No authentication is required.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS