MR-GM5L-S1 / MR-GM5A-L1 CVE-2026-27842
CRITICALSeverity by source
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Lifecycle Timeline
5DescriptionCVE.org
Authentication bypass issue exists in MR-GM5L-S1 and MR-GM5A-L1, which may allow an attacker to bypass authentication and change the device configuration.
AnalysisAI
Remote attackers can completely bypass authentication on MR-GM5L-S1 and MR-GM5A-L1 devices to arbitrarily modify device configurations. The vulnerability requires no authentication, no user interaction, and low attack complexity (CVSS:4.0 AV:N/AC:L/PR:N/UI:N), scoring 9.3 critical. EPSS exploitation probability is low (0.10%, 28th percentile) with no confirmed active exploitation or public exploit code identified at time of analysis, suggesting limited real-world targeting to date despite the severe access control failure.
Technical ContextAI
This vulnerability affects authentication mechanisms in MRL industrial wireless products MR-GM5L-S1 and MR-GM5A-L1. The root cause is CWE-288 (Authentication Bypass Using an Alternate Path or Channel), indicating the devices expose an alternative code path or interface that circumvents normal authentication controls. Industrial wireless devices often implement multiple access interfaces (web UI, API, telnet, SSH) and authentication bypass vulnerabilities typically arise when secondary interfaces lack proper credential validation, when default/hardcoded credentials exist in alternate code paths, or when authentication state is improperly shared across protocols. The network attack vector and zero privilege requirement suggest the bypass affects a remotely accessible interface on default configurations.
Affected ProductsAI
This vulnerability affects MRL Co., Ltd. wireless communication devices: MR-GM5L-S1 and MR-GM5A-L1 (all versions prior to patch). These appear to be industrial wireless gateway or radio devices based on the model naming convention. Vendor security advisory and technical details are available at https://www.mrl.co.jp/download/security/JVNVU98103854.pdf with coordination details at https://jvn.jp/en/vu/JVNVU98103854/. No CPE identifiers are available in current vulnerability databases, which may complicate automated asset identification.
RemediationAI
Apply the vendor-released security update documented in MRL security advisory JVNVU98103854 available at https://www.mrl.co.jp/download/security/JVNVU98103854.pdf. Contact MRL Co., Ltd. directly for patch distribution channels and exact fixed firmware versions as specific version numbers are not published in English-language references. Until patching is completed, implement network-layer compensating controls: isolate affected MR-GM5L-S1 and MR-GM5A-L1 devices on dedicated VLANs with no internet exposure, restrict management interface access to specific trusted IP addresses via firewall rules, and disable any unused remote access protocols (telnet, HTTP if HTTPS available). Monitor device configuration change logs for unauthorized modifications. Note these mitigations do not address the underlying authentication bypass but reduce attack surface; network segmentation may impact legitimate remote management workflows requiring VPN access adjustments.
Same technique Authentication Bypass
View allShare
External POC / Exploit Code
Leaving vuln.today