Volerion logoVolerion
Volerion logoVolerion

ELECOM Wireless LAN Access Points Hard-Coded Key Vulnerability Allowing Configuration Tampering

Vulnerability

A vulnerability exists in several ELECOM wireless LAN access point models, all running version 1.09 or earlier, as well as in models WRC-BE72XSD-B, WRC-BE72XSD-BA, WRC-BE65QSD-B, and WRC-W702-B, all through version 1.1.1. These devices use a hard-coded cryptographic key for encrypting backup configuration files. An attacker aware of this key could manipulate the configuration file, potentially leading to unauthorized changes when a victim administrator is deceived into using the altered file.

Impact

Exploitation of this vulnerability allows an attacker to tamper with the device's configuration file, creating the possibility for unauthorized changes to be applied, especially if the modified file is used by an administrator.

Remediation

Users are advised to update the firmware to the latest version available for their specific device model.

Added: May 13, 2026, 4:17 PM
Updated: May 13, 2026, 4:17 PM

Vulnerability Rating

Custom Algorithm
spread
2.6
impact
2.5
exploitability
4.4
remediation
0.0
relevance
8.2
threat
0.0
urgency
2.9
incentive
0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.