OS Command Injection Vulnerability in ELECOM Wireless LAN Access Point
CVE-2026-42062

9.3CRITICAL

Key Information:

Vendor: Elecom Co.,ltd.
Status: Wrc-be72xsd-b; Wrc-be72xsd-ba; Wrc-be65qsd-b; Wrc-w702-b
Vendor: CVE Published:; 13 May 2026

🔔 Create Elecom Co.,ltd. Vulnerability Alert

What is CVE-2026-42062?

ELECOM wireless LAN access point devices have a vulnerability in their processing of the username parameter, which allows for OS command injection. An attacker can exploit this flaw by sending a specially crafted request, which can result in the execution of arbitrary OS commands on the device without requiring authentication. This presents a significant security risk as it can compromise the integrity and functionality of the affected devices.

Affected Version(s)

WRC-BE65QSD-B v1.1.0 and earlier

WRC-BE72XSD-B v1.1.1 and earlier

WRC-BE72XSD-BA v1.1.1 and earlier

References

https://www.elecom.co.jp/news/security/20260512-01/

https://jvn.jp/en/jp/JVN03037325/

CVSS V4

Score:

9.3

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

None

CVSS V3.0

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
May 13, 2026
Vulnerability Reserved
May 7, 2026

CVE-2026-42062 Data

JSON