CVE-2026-42948

MEDIUM

Elecom Co.,ltd. WAB-BE187-M - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Title source: rule

Description

Stored cross-site scripting vulnerability exists in ELECOM wireless LAN access point devices. If one of the administrators input malicious data, an arbitrary script may be executed in another administrative user's web browser.

References (2)

Core 2

Core References

https://www.elecom.co.jp/news/security/20260512-01/

https://jvn.jp/en/jp/JVN03037325/

Scores

CVSS v3 4.8

EPSS 0.0016

EPSS Percentile 5.6%

Attack Vector NETWORK

CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

Details

CWE

CWE-79

Status published

Products (4)

ELECOM CO.,LTD./WAB-BE187-M v1.1.10 and earlier

ELECOM CO.,LTD./WAB-BE36-M v1.1.3 and earlier

ELECOM CO.,LTD./WAB-BE36-S v1.1.3 and earlier

ELECOM CO.,LTD./WAB-BE72-M v1.1.3 and earlier

Published May 13, 2026

Tracked Since May 13, 2026