Monitor vulnerabilities like this one.
Sign up free to get alerted when software you use is affected.
9.3
CVE-2026-42062: ELECOM Wireless Access Points: Unauthorized OS Command Execution
CVE-2026-42062
Summary
ELECOM wireless LAN access points are vulnerable to an attack that can execute any system command without a password. This means an attacker could potentially take control of the device or disrupt its operation. Affected users should update their devices to the latest firmware to fix this issue.
Original title
ELECOM wireless LAN access point devices contain an OS command injection in processing of username parameter. If processing a crafted request, an arbitrary OS command may be executed. No authentica...
Original description
ELECOM wireless LAN access point devices contain an OS command injection in processing of username parameter. If processing a crafted request, an arbitrary OS command may be executed. No authentication is required.
nvd CVSS3.0
9.8
nvd CVSS4.0
9.3
Vulnerability type
CWE-78
OS Command Injection
Published: 13 May 2026 · Updated: 23 May 2026 · First seen: 13 May 2026