Configuration file tampering in ELECOM wireless LAN access point devices
CVE-2026-25107

6.9MEDIUM

Key Information:

Vendor: Elecom Co.,ltd.
Status: Wrc-x1800gs-b; Wrc-x3000gs2-b; Wrc-x3000gs2-w; Wrc-x3000gs2a-b
Vendor: CVE Published:; 13 May 2026

🔔 Create Elecom Co.,ltd. Vulnerability Alert

What is CVE-2026-25107?

ELECOM wireless LAN access point devices are vulnerable due to the use of a hard-coded cryptographic key when creating backups of configuration files. This vulnerability allows an attacker, who has knowledge of the encryption key, to manipulate the configuration file. Victim administrators may unwittingly be influenced into utilizing a compromised configuration file, leading to potential unauthorized changes and network security risks.

Affected Version(s)

WRC-X1800GS-B v1.19 and earlier

WRC-X1800GSA-B v1.19 and earlier

WRC-X1800GSH-B v1.19 and earlier

References

https://www.elecom.co.jp/news/security/20260512-01/

https://jvn.jp/en/jp/JVN03037325/

CVSS V4

Score:

6.9

Severity:

MEDIUM

Confidentiality:

None

Integrity:

High

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

Unknown

CVSS V3.0

Score:

6.5

Severity:

MEDIUM

Confidentiality:

None

Integrity:

High

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
May 13, 2026
Vulnerability Reserved
May 7, 2026

CVE-2026-25107 Data

JSON