CVE Catalog
CVE-2026-42062
CriticalSummary
ELECOM wireless LAN access point devices contain an OS command injection in processing of the username parameter. If processing a crafted request, an arbitrary OS command may be executed.
Risk Assessment
No authentication is required, allowing an attacker to remotely execute arbitrary commands, posing a significant security threat.
Recommendation
It is recommended to update the firmware of ELECOM devices and implement appropriate security measures to mitigate the risk of attacks.
Original NVD description (English source)
ELECOM wireless LAN access point devices contain an OS command injection in processing of username parameter. If processing a crafted request, an arbitrary OS command may be executed. No authentication is required.

