CVE-2026-42062 - Vulnerability Analysis
CriticalCVSS: 9.8Last Updated: May 13, 2026
ELECOM wireless LAN access point - Command Injection
Overview
ELECOM wireless LAN access point devices contain a command injection caused by improper processing of the username parameter, letting remote attackers execute arbitrary OS commands without authentication.
Severity & Score
Impact
Remote attackers can execute arbitrary OS commands, potentially leading to full system compromise.
Mitigation
Update to the latest version of the ELECOM wireless LAN access point firmware.
Social Media Activity(2 posts)
š“ CVE-2026-42062 - Critical (9.8) ELECOM wireless LAN access point devices contain an OS command injection in processing of username parameter. If processing a crafted request, an arbitrary OS command may be executed. No authentication is required. š https://www.thehackerwire.com/vulnerability/CVE-2026-42062/ #CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
View original post
š“ CVE-2026-42062 - Critical (9.8) ELECOM wireless LAN access point devices contain an OS command injection in processing of username parameter. If processing a crafted request, an arbitrary OS command may be executed. No authentication is required. š https://www.thehackerwire.com/vulnerability/CVE-2026-42062/ #CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
View original postRelated Resources
Details
- CVE ID
- CVE-2026-42062
- Severity
- Critical
- CVSS Score
- 9.8
- Type
- command_injection
- Status
- rejected
- EPSS
- 33.4%
- Social Posts
- 2
CWE
- CWE-78
CVSS Metrics
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H