Skip to main content

Wrc X1500Gsa B Firmware CVE-2026-24449

MEDIUM
Use of Weak Credentials (CWE-1391)
2026-02-03 vultures@jpcert.or.jp
5.1
CVSS 4.0 · NVD
Share

Severity by source

NVD PRIMARY
5.1 MEDIUM
CVSS:4.0/AV:P/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:4.0/AV:P/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector
Physical
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
X

Lifecycle Timeline

2
Analysis Generated
Mar 12, 2026 - 21:54 vuln.today
CVE Published
Feb 03, 2026 - 07:16 nvd
MEDIUM 5.1

DescriptionCVE.org

For WRC-X1500GS-B and WRC-X1500GSA-B, the initial passwords can be calculated easily from the system information.

AnalysisAI

WRC-X1500GS-B and WRC-X1500GSA-B routers contain a weak credential derivation vulnerability where initial administrative passwords can be predicted from publicly available system information, potentially allowing unauthenticated attackers to gain administrative access. The vulnerability requires physical proximity to the device to obtain necessary system details, limiting its practical exploitability. No patch is currently available for affected devices.

Technical ContextAI

For WRC-X1500GS-B and WRC-X1500GSA-B, the initial passwords can be calculated easily from the system information.

RemediationAI

Monitor vendor advisories for a patch.

Share

CVE-2026-24449 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy