Skip to main content

Rtu540 Firmware CVE-2026-1772

MEDIUM
Improper Handling of Insufficient Permissions or Privileges (CWE-280)
2026-02-24 cybersecurity@hitachienergy.com
5.3
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
5.3 MEDIUM
AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
Low
Integrity
None
Availability
None

Lifecycle Timeline

2
Analysis Generated
Mar 12, 2026 - 21:55 vuln.today
CVE Published
Feb 24, 2026 - 14:16 nvd
MEDIUM 5.3

DescriptionCVE.org

RTU500 web interface: An unprivileged user can read user management information. The information cannot be accessed via the RTU500 web user interface but requires further tools like browser development utilities to access them without required privileges.

AnalysisAI

Improper access controls in RTU500 series firmware (RTU520, RTU530, RTU540, RTU560) expose sensitive user management data to unauthenticated attackers who leverage browser developer tools to bypass web interface restrictions. An attacker without privileges can read confidential user information that should require authentication, though the vulnerability requires direct access to development utilities rather than simple network requests. No patch is currently available for this medium-severity exposure.

Technical ContextAI

Affects the RTU500 web user component of Rtu520 Firmware. RTU500 web interface: An unprivileged user can read user management information. The information cannot be accessed via the RTU500 web user interface but requires further tools like browser development utilities to access them without required privileges.

RemediationAI

Monitor vendor advisories for a patch. Restrict network access to the affected service where possible.

Share

CVE-2026-1772 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy