Skip to main content

MR-GM5L-S1 / MR-GM5A-L1 CVE-2026-27842

CRITICAL
Authentication Bypass Using an Alternate Path or Channel (CWE-288)
2026-03-11 vultures@jpcert.or.jp
9.3
CVSS 4.0 · NVD
Share

Severity by source

NVD PRIMARY
9.3 CRITICAL
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
X

Lifecycle Timeline

5
Analysis Updated
Apr 30, 2026 - 16:27 vuln.today
v2 (cvss_changed)
Re-analysis Queued
Apr 30, 2026 - 16:22 vuln.today
cvss_changed
CVSS changed
Apr 30, 2026 - 16:22 NVD
9.8 (CRITICAL) 9.3 (CRITICAL)
Analysis Generated
Mar 12, 2026 - 22:06 vuln.today
CVE Published
Mar 11, 2026 - 06:17 nvd
CRITICAL 9.8

DescriptionCVE.org

Authentication bypass issue exists in MR-GM5L-S1 and MR-GM5A-L1, which may allow an attacker to bypass authentication and change the device configuration.

AnalysisAI

Remote attackers can completely bypass authentication on MR-GM5L-S1 and MR-GM5A-L1 devices to arbitrarily modify device configurations. The vulnerability requires no authentication, no user interaction, and low attack complexity (CVSS:4.0 AV:N/AC:L/PR:N/UI:N), scoring 9.3 critical. EPSS exploitation probability is low (0.10%, 28th percentile) with no confirmed active exploitation or public exploit code identified at time of analysis, suggesting limited real-world targeting to date despite the severe access control failure.

Technical ContextAI

This vulnerability affects authentication mechanisms in MRL industrial wireless products MR-GM5L-S1 and MR-GM5A-L1. The root cause is CWE-288 (Authentication Bypass Using an Alternate Path or Channel), indicating the devices expose an alternative code path or interface that circumvents normal authentication controls. Industrial wireless devices often implement multiple access interfaces (web UI, API, telnet, SSH) and authentication bypass vulnerabilities typically arise when secondary interfaces lack proper credential validation, when default/hardcoded credentials exist in alternate code paths, or when authentication state is improperly shared across protocols. The network attack vector and zero privilege requirement suggest the bypass affects a remotely accessible interface on default configurations.

Affected ProductsAI

This vulnerability affects MRL Co., Ltd. wireless communication devices: MR-GM5L-S1 and MR-GM5A-L1 (all versions prior to patch). These appear to be industrial wireless gateway or radio devices based on the model naming convention. Vendor security advisory and technical details are available at https://www.mrl.co.jp/download/security/JVNVU98103854.pdf with coordination details at https://jvn.jp/en/vu/JVNVU98103854/. No CPE identifiers are available in current vulnerability databases, which may complicate automated asset identification.

RemediationAI

Apply the vendor-released security update documented in MRL security advisory JVNVU98103854 available at https://www.mrl.co.jp/download/security/JVNVU98103854.pdf. Contact MRL Co., Ltd. directly for patch distribution channels and exact fixed firmware versions as specific version numbers are not published in English-language references. Until patching is completed, implement network-layer compensating controls: isolate affected MR-GM5L-S1 and MR-GM5A-L1 devices on dedicated VLANs with no internet exposure, restrict management interface access to specific trusted IP addresses via firewall rules, and disable any unused remote access protocols (telnet, HTTP if HTTPS available). Monitor device configuration change logs for unauthorized modifications. Note these mitigations do not address the underlying authentication bypass but reduce attack surface; network segmentation may impact legitimate remote management workflows requiring VPN access adjustments.

Share

CVE-2026-27842 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy