CVE-2026-32326

MEDIUM

Sharp home 5G HR01 <=38JP_0_490 - Auth Bypass

Title source: llm

Description

SHARP routers do not perform authentication for some web APIs. The device information may be retrieved without authentication. If the administrative password of the device is left as the initial one, the device may be taken over.

References (2)

https://global.sharp/corporate/info/product-security/advisory-list/2026-002/

https://jvn.jp/en/jp/JVN49524110/

Scores

CVSS v3 5.7

EPSS 0.0002

EPSS Percentile 6.7%

Attack Vector ADJACENT_NETWORK

CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

Details

CWE

CWE-306

Status published

Products (8)

Sharp Corporation/5G Mobile Router SH-U01 S4.48.00 and earlier

Sharp Corporation/home 5G HR01 38JP_0_490 and earlier

Sharp Corporation/home 5G HR02 S5.A1.00 and earlier

Sharp Corporation/Pocket WiFi 5G A503SH S7.41.00 and earlier

Sharp Corporation/Speed Wi-Fi 5G X01 3RJP_2_03I and earlier

Sharp Corporation/Wi-Fi STATION SH-52A 38JP_2_03J and earlier

Sharp Corporation/Wi-Fi STATION SH-52B S3.87.15 and earlierr

Sharp Corporation/Wi-Fi STATION SH-54C S6.64.00 and earlier

Published Mar 25, 2026

Tracked Since Mar 25, 2026