Unauthenticated Access in ELECOM Wireless LAN Access Point Devices
CVE-2026-40621

9.3CRITICAL

Key Information:

Vendor: Elecom Co.,ltd.
Status: Wrc-be72xsd-b; Wrc-be72xsd-ba; Wrc-be65qsd-b; Wrc-w702-b
Vendor: CVE Published:; 13 May 2026

🔔 Create Elecom Co.,ltd. Vulnerability Alert

What is CVE-2026-40621?

Certain ELECOM wireless LAN access point devices are affected by a vulnerability that allows unauthorized users to access specific URLs without requiring authentication. This exposure could lead to unauthorized control or data access, compromising the security of the network and connected devices. Users are advised to assess their devices for potential risks and apply appropriate security measures.

Affected Version(s)

WRC-BE65QSD-B v1.1.0 and earlier

WRC-BE72XSD-B v1.1.1 and earlier

WRC-BE72XSD-BA v1.1.1 and earlier

References

https://www.elecom.co.jp/news/security/20260512-01/

https://jvn.jp/en/jp/JVN03037325/

CVSS V4

Score:

9.3

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

None

CVSS V3.0

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
May 13, 2026
Vulnerability Reserved
May 7, 2026

CVE-2026-40621 Data

JSON