CVE-2026-42948

MEDIUM 4.8

CVSS Score

4.8

EPSS Score

0.0%

EPSS Percentile

0th

Stored cross-site scripting vulnerability exists in ELECOM wireless LAN access point devices. If one of the administrators input malicious data, an arbitrary script may be executed in another administrative user's web browser.

Vendor	elecom co.,ltd.
Product	wab-be187-m
Published	May 13, 2026
Last Updated	May 13, 2026

Stay Ahead of the Next One

Get instant alerts for elecom co.,ltd. wab-be187-m

Be the first to know when new medium vulnerabilities affecting elecom co.,ltd. wab-be187-m are published — delivered to Slack, Telegram or Discord.

Get Free Alerts → Free · No credit card · 60 sec setup

CVSS v3 Breakdown

CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N

Affected Versions

ELECOM CO.,LTD. / WAB-BE187-M

v1.1.10 and earlier

ELECOM CO.,LTD. / WAB-BE72-M

v1.1.3 and earlier

ELECOM CO.,LTD. / WAB-BE36-M

v1.1.3 and earlier

ELECOM CO.,LTD. / WAB-BE36-S

v1.1.3 and earlier

References

NVD ↗ CVE.org ↗ EPSS Data ↗

elecom.co.jp: https://www.elecom.co.jp/news/security/20260512-01/ jvn.jp: https://jvn.jp/en/jp/JVN03037325/