CVE-2026-42062
Severity CVSS v4.0:
CRITICAL
Type:
CWE-78
OS Command Injections
Publication date:
13/05/2026
Last modified:
13/05/2026
Description
ELECOM wireless LAN access point devices contain an OS command injection in processing of username parameter. If processing a crafted request, an arbitrary OS command may be executed. No authentication is required.
Impact
Base Score 4.0
9.30
Severity 4.0
CRITICAL
Base Score 3.x
9.80
Severity 3.x
CRITICAL



