Skip to main content

Wab Be72 M

3 CVEs product

Monthly

CVE-2026-42961 MEDIUM This Month

Cross-site request forgery (CSRF) in ELECOM wireless LAN access points (WAB-BE187-M, WAB-BE72-M, WAB-BE36-M, WAB-BE36-S) allows remote attackers to trick authenticated users into performing unintended administrative operations by viewing a malicious webpage. The vulnerability exists despite CSRF token implementation due to inadequate token validation, enabling integrity compromise of access point configuration without user knowledge.

CSRF Wab Be187 M Wab Be72 M Wab Be36 M Wab Be36 S
NVD
CVSS 4.0
5.1
EPSS
0.0%
CVE-2026-42950 MEDIUM This Month

ELECOM wireless LAN access point models WAB-BE187-M, WAB-BE72-M, WAB-BE36-M, and WAB-BE36-S fail to validate the language parameter in administrative pages, allowing remote attackers to break the admin interface for logged-in users via malicious web pages. The vulnerability requires user interaction (viewing a malicious page while authenticated to the access point) and results in denial of service of the administrative interface rather than data exposure or unauthorized access. No public exploit code has been identified at time of analysis.

Information Disclosure Wab Be187 M Wab Be72 M Wab Be36 M Wab Be36 S
NVD
CVSS 4.0
5.1
EPSS
0.0%
CVE-2026-42948 MEDIUM This Month

Stored cross-site scripting vulnerability in ELECOM wireless LAN access point devices (WAB-BE187-M, WAB-BE72-M, WAB-BE36-M, WAB-BE36-S) allows authenticated administrators to inject malicious scripts that execute in other administrators' web browsers when they access the device management interface. Exploitation requires high-privilege administrative credentials and user interaction (victim must visit the admin panel), limiting real-world risk despite network-accessible attack surface.

XSS Wab Be187 M Wab Be72 M Wab Be36 M Wab Be36 S
NVD
CVSS 4.0
4.8
EPSS
0.0%
EPSS 0% CVSS 5.1
MEDIUM This Month

Cross-site request forgery (CSRF) in ELECOM wireless LAN access points (WAB-BE187-M, WAB-BE72-M, WAB-BE36-M, WAB-BE36-S) allows remote attackers to trick authenticated users into performing unintended administrative operations by viewing a malicious webpage. The vulnerability exists despite CSRF token implementation due to inadequate token validation, enabling integrity compromise of access point configuration without user knowledge.

CSRF Wab Be187 M Wab Be72 M +2
NVD
EPSS 0% CVSS 5.1
MEDIUM This Month

ELECOM wireless LAN access point models WAB-BE187-M, WAB-BE72-M, WAB-BE36-M, and WAB-BE36-S fail to validate the language parameter in administrative pages, allowing remote attackers to break the admin interface for logged-in users via malicious web pages. The vulnerability requires user interaction (viewing a malicious page while authenticated to the access point) and results in denial of service of the administrative interface rather than data exposure or unauthorized access. No public exploit code has been identified at time of analysis.

Information Disclosure Wab Be187 M Wab Be72 M +2
NVD
EPSS 0% CVSS 4.8
MEDIUM This Month

Stored cross-site scripting vulnerability in ELECOM wireless LAN access point devices (WAB-BE187-M, WAB-BE72-M, WAB-BE36-M, WAB-BE36-S) allows authenticated administrators to inject malicious scripts that execute in other administrators' web browsers when they access the device management interface. Exploitation requires high-privilege administrative credentials and user interaction (victim must visit the admin panel), limiting real-world risk despite network-accessible attack surface.

XSS Wab Be187 M Wab Be72 M +2
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy