CVE-2026-25107

MEDIUM

ELECOM WRC-X Series - Use of Hard-coded Cryptographic Key in Configuration Backup

Title source: llm

Description

ELECOM wireless LAN access point devices use a hard-coded cryptographic key when creating backups of configuration files. An attacker who knows the encryption key can tamper the configuration file of the product, and a victim administrator may be tricked to use a crafted configuration file.

References (2)

Core 2

Core References

https://jvn.jp/en/jp/JVN03037325/

https://www.elecom.co.jp/news/security/20260512-01/

Scores

CVSS v3 6.5

EPSS 0.0012

EPSS Percentile 2.5%

Attack Vector NETWORK

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

Details

CWE

CWE-321

Status published

Products (13)

ELECOM CO.,LTD./WRC-X1800GS-B v1.19 and earlier

ELECOM CO.,LTD./WRC-X1800GSA-B v1.19 and earlier

ELECOM CO.,LTD./WRC-X1800GSH-B v1.19 and earlier

ELECOM CO.,LTD./WRC-X3000GS2-B v1.09 and earlier

ELECOM CO.,LTD./WRC-X3000GS2-W v1.09 and earlier

ELECOM CO.,LTD./WRC-X3000GS2A-B v1.09 and earlier

ELECOM CO.,LTD./WRC-X3000GST2-B v1.06 and earlier

ELECOM CO.,LTD./WRC-X6000QS-G v1.14 and earlier

ELECOM CO.,LTD./WRC-X6000QSA-G v1.14 and earlier

ELECOM CO.,LTD./WRC-X6000XS-G v1.12 and earlier

... and 3 more

Published May 13, 2026

Tracked Since May 13, 2026