anonhaven
Ad

CVE-2026-32326

MEDIUM CVSS 4.0: 6.9 EPSS 0.05%
Updated Mar 25, 2026
Sharp Corporation
Parameter Value
CVSS 6.9 (MEDIUM)
Type CWE-306 (Missing Authentication for Critical Function)
Vendor Sharp Corporation
Public PoC No

SHARP routers do not perform authentication for some web APIs. The device information may be retrieved without authentication. If the administrative password of the device is left as the initial one, the device may be taken over.

Attack Parameters

Attack Vector
Adjacent
Requires local network access
Attack Complexity
Low
Easy to exploit
Attack Requirements
None
No additional conditions
Privileges Required
Low
Basic privileges needed
User Interaction
None
No user interaction needed

Impact Assessment

Confidentiality
High
Complete data leak
Integrity
None
No data modification
Availability
None
No disruption

CVSS Vector v4.0

Weakness Type (CWE)

CWE-306 Missing Authentication for Critical Function

Vulnerable Products

sharp corporation:wi-fi station sh-52b sharp corporation:5g mobile router sh-u01 sharp corporation:wi-fi station sh-52a sharp corporation:home 5g hr01 sharp corporation:wi-fi station sh-54c sharp corporation:speed wi-fi 5g x01 sharp corporation:home 5g hr02 sharp corporation:pocket wifi 5g a503sh

References 2

https://global.sharp/corporate/info/product-security/advisory-list/2026-002/
vultures@jpcert.or.jp
https://jvn.jp/en/jp/JVN49524110/
vultures@jpcert.or.jp
Share Post Share Share Share