External risk intelligence

ELECOM access points could allow external attackers to hijack network controls

ELECOM wireless LAN access points could allow external attackers to execute commands without authentication, potentially granting them administrative control over your network infrastructure. This could enable the manipulation or interception of traffic, leading to potential operational disruption.

NVD published May 13, 2026 (2 days ago)

External risk briefCRITICAL

CVE-2026-42062

Halo Surface Signal

3/ 5

These devices are wireless access points typically deployed within internal networks rather than as public-facing gateways. While management interfaces may be inadvertently exposed to the internet in some configurations, they are not standard public-facing services by design.

Exposure facts

CVSS

9.3

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

EPSS

0.33%

H – Horizon Alert

A security vulnerability has been identified in ELECOM wireless LAN access points that could allow an unauthorized person to execute arbitrary commands on the system. This flaw stems from how the device handles username information and requires no authentication to exploit, making it accessible to anyone with network access. If successfully targeted, this could allow an unauthorized party to gain control over the affected device, potentially disrupting or compromising your network operations.

A – Asset Exposure

This vulnerability impacts ELECOM wireless LAN access point devices, which are critical infrastructure for managing network connectivity. Since the flaw allows for unauthorized command execution without requiring a login, anyone with network access to these devices could potentially gain administrative control. This poses a risk to network controls and could allow an unauthorized party to manipulate or intercept traffic passing through the access point.

L – Live Threat

The identified vulnerability in ELECOM wireless LAN access points involves a potential command injection flaw that could allow for unauthorized execution of commands. Based on the provided context, there is no indication of active exploitation, public exploit availability, or specific targeting at this time. We will continue to monitor the situation for any emerging threat signals.

O – Operational Fix

Please have your IT team review the official security notice from ELECOM regarding their wireless LAN access point devices. We recommend verifying your current device deployments and promptly applying any firmware updates or configuration guidance provided by the manufacturer. Prioritizing this coordination will help ensure your network infrastructure remains aligned with the vendor's latest security recommendations.