Authentication Bypass in SHARP Routers Exposes Device Information
CVE-2026-32326

6.9MEDIUM

Key Information:

Vendor: Sharp Corporation
Status: Home 5g Hr01; Home 5g Hr02; Wi-fi Station Sh-52a; Wi-fi Station Sh-52b
Vendor: CVE Published:; 25 March 2026

🔔 Create Sharp Corporation Vulnerability Alert

What is CVE-2026-32326?

Certain SHARP routers are vulnerable due to a failure to enforce authentication on some of their web APIs. This oversight allows unauthorized users to retrieve sensitive device information without proper authentication. If the default administrative password is not changed, this vulnerability opens the door for potential device takeover by malicious actors. Users are strongly encouraged to change their passwords and review security settings to mitigate the risks associated with this vulnerability.

Affected Version(s)

5G Mobile Router SH-U01 S4.48.00 and earlier

home 5G HR01 38JP_0_490 and earlier

home 5G HR02 S5.A1.00 and earlier

References

https://global.sharp/corporate/info/product-security/advi...

https://jvn.jp/en/jp/JVN49524110/

CVSS V4

Score:

6.9

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

None

Attack Vector:

Adjacent Network

Attack Complexity:

Low

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

None

CVSS V3.0

Score:

5.7

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Adjacent Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Mar 25, 2026
Vulnerability Reserved
Mar 12, 2026

CVE-2026-32326 Data

JSON