CVE-2026-21411
Authentication Bypass in OpenBlocks FW5.0.8 Allows Password Change
Publication date: 2026-01-06
Last updated on: 2026-01-06
Assigner: JPCERT/CC
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| plat_home | openblocks | to 5.0.8 (exc) |
| plat_home | openblocks_iot_dx1 | to 5.0.8 (exc) |
| plat_home | openblocks_iot_ex | to 5.0.8 (exc) |
| plat_home | openblocks_iot_bx | to 5.0.8 (exc) |
| plat_home | openblocks_ix9 | to 5.0.8 (exc) |
| plat_home | openblocks_iot_vx2 | to 5.0.8 (exc) |
| plat_home | openblocks_idm_rx1 | to 5.0.8 (exc) |
| plat_home | openblocks_iot_fx1 | to 5.0.8 (exc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-288 | The product requires authentication, but the product has an alternate path or channel that does not require authentication. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2026-21411 is an authentication bypass vulnerability in the OpenBlocks series of devices running firmware versions prior to FW5.0.8. This flaw allows an attacker to bypass administrator authentication without needing privileges or user interaction, enabling them to change the administrator password. [2]
How can this vulnerability impact me? :
This vulnerability can have a severe impact as it allows an attacker to gain unauthorized administrator access to the affected OpenBlocks devices. With this access, the attacker can change the administrator password, potentially taking full control of the device, leading to compromise of device functionality, data integrity, and security. [2]
What immediate steps should I take to mitigate this vulnerability?
The immediate step to mitigate this vulnerability is to update the OpenBlocks device firmware to version FW5.0.8 or later. This update addresses the authentication bypass vulnerability CVE-2026-21411. The update can be applied via the WEB UI under [Maintenance] > [System Update] using the online update feature. [1, 2]