CVE-2026-3356

CRITICAL

Missing Authentication for Critical Function vulnerability in Anritsu Remote Spectrum Monitor

Title source: cna

Description

The MS27102A Remote Spectrum Monitor is vulnerable to an authentication bypass that allows unauthorized users to access and manipulate its management interface. Because the device provides no mechanism to enable or configure authentication, the issue is inherent to its design rather than a deployment error.

References (1)

[Government Resource] https://www.cisa.gov/news-events/ics-advisories/icsa-26-090-01

Scores

CVSS v4 9.3

EPSS 0.0007

EPSS Percentile 20.9%

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

CISA SSVC

Vulnrichment

Exploitation none

Automatable yes

Technical Impact total

Details

CWE

CWE-306

Status published

Products (4)

Anritsu/Remote Spectrum Monitor MS27100A All versions

Anritsu/Remote Spectrum Monitor MS27101A All versions

Anritsu/Remote Spectrum Monitor MS27102A All versions

Anritsu/Remote Spectrum Monitor MS27103A All versions

Published Mar 31, 2026

Tracked Since Apr 01, 2026