Primary

Context

SHARP Routers Missing Authentication for Web APIs Allowing Unauthorized Access

Vulnerability

A vulnerability exists in certain SHARP routers due to missing authentication for some web APIs. This flaw allows unauthorized access to device information, which could lead to unauthorized access if the administrative password has not been changed from the default. The vulnerability affects SHARP routers on NTT DOCOMO, SoftBank, and KDDI networks, with specific model and version details available in the SHARP Product Security Advisory.

Impact

Exploitation of this vulnerability allows unauthorized users to access device information through the unprotected web APIs. If the default administrative password is still in use, this could result in unauthorized access to the router.

Remediation

Users are advised to update the router's firmware to the latest version. For models Wi-Fi STATION SH-52A and Speed Wi-Fi 5G X01, which are no longer supported, users should change the default password to mitigate the risk.

Added: Mar 25, 2026, 8:21 AM

Updated: Mar 25, 2026, 8:21 AM

Vulnerability Rating

Custom Algorithm

spread

0.3

impact

7.5

exploitability

3.5

remediation

8.3

relevance

4.7

threat

0.0

urgency

2.9

incentive

0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

0.3

impact

7.5

exploitability

3.5

remediation

8.3

relevance

4.7

threat

0.0

urgency

2.9

incentive

0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

SHARP Routers Missing Authentication for Web APIs Allowing Unauthorized Access

Vulnerability

Impact

Remediation

Affected Products

Sharp Wi-Fi STATION SH-52A

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating