CVE-2026-40621: Authentication Bypass Using an Alternate Path or Channel in ELECOM CO.,LTD. WRC-BE72XSD-B
ELECOM CO. ,LTD. WRC-BE72XSD-B wireless LAN access point devices have a critical authentication bypass vulnerability. Certain URLs on the device can be accessed without any authentication, allowing unauthorized users to interact with the device. This affects versions v1. 1. 1 and earlier. The vulnerability has a high CVSS score of 9. 8, indicating severe impact on confidentiality, integrity, and availability. No official patch or remediation guidance is currently provided by the vendor.
AI Analysis
Technical Summary
CVE-2026-40621 is an authentication bypass vulnerability in ELECOM CO.,LTD.'s WRC-BE72XSD-B wireless LAN access point devices. The issue arises because some specific URLs on the device do not require authentication, enabling an attacker to access the device without credentials. This vulnerability affects firmware versions v1.1.1 and earlier. The CVSS v3.0 base score is 9.8, reflecting network attack vector, no required privileges or user interaction, and impacts to confidentiality, integrity, and availability. The vulnerability was published on May 13, 2026. No vendor advisory or patch information is currently available.
Potential Impact
An attacker can bypass authentication controls and access sensitive device functions or data via specific URLs without credentials. This can lead to full compromise of the device, including unauthorized configuration changes, data disclosure, or denial of service. The critical CVSS score of 9.8 reflects the potential for complete system compromise remotely without any user interaction or privileges.
Mitigation Recommendations
Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Until an official fix is released, restrict network access to the affected device to trusted users only and monitor for unauthorized access attempts. Avoid exposing the device management interface to untrusted networks.
CVE-2026-40621: Authentication Bypass Using an Alternate Path or Channel in ELECOM CO.,LTD. WRC-BE72XSD-B
Description
ELECOM CO. ,LTD. WRC-BE72XSD-B wireless LAN access point devices have a critical authentication bypass vulnerability. Certain URLs on the device can be accessed without any authentication, allowing unauthorized users to interact with the device. This affects versions v1. 1. 1 and earlier. The vulnerability has a high CVSS score of 9. 8, indicating severe impact on confidentiality, integrity, and availability. No official patch or remediation guidance is currently provided by the vendor.
AI-Powered Analysis
Machine-generated threat intelligence
Technical Analysis
CVE-2026-40621 is an authentication bypass vulnerability in ELECOM CO.,LTD.'s WRC-BE72XSD-B wireless LAN access point devices. The issue arises because some specific URLs on the device do not require authentication, enabling an attacker to access the device without credentials. This vulnerability affects firmware versions v1.1.1 and earlier. The CVSS v3.0 base score is 9.8, reflecting network attack vector, no required privileges or user interaction, and impacts to confidentiality, integrity, and availability. The vulnerability was published on May 13, 2026. No vendor advisory or patch information is currently available.
Potential Impact
An attacker can bypass authentication controls and access sensitive device functions or data via specific URLs without credentials. This can lead to full compromise of the device, including unauthorized configuration changes, data disclosure, or denial of service. The critical CVSS score of 9.8 reflects the potential for complete system compromise remotely without any user interaction or privileges.
Mitigation Recommendations
Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Until an official fix is released, restrict network access to the affected device to trusted users only and monitor for unauthorized access attempts. Avoid exposing the device management interface to untrusted networks.
Technical Details
- Data Version
- 5.2
- Assigner Short Name
- jpcert
- Date Reserved
- 2026-05-07T05:46:57.272Z
- Cvss Version
- 3.0
- State
- PUBLISHED
- Remediation Level
- null
Threat ID: 6a047049cbff5d8610c6fd77
Added to database: 5/13/2026, 12:36:25 PM
Last enriched: 5/13/2026, 12:51:34 PM
Last updated: 5/13/2026, 1:44:57 PM
Views: 3
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
Need more coverage?
Upgrade to Pro Console for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.