CVE-2026-32326
Received Received - Intake
Authentication Bypass in SHARP Router Web APIs Enables Takeover

Publication date: 2026-03-25

Last updated on: 2026-03-25

Assigner: JPCERT/CC

Description
SHARP routers do not perform authentication for some web APIs. The device information may be retrieved without authentication. If the administrative password of the device is left as the initial one, the device may be taken over.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-03-25
Last Modified
2026-03-25
Generated
2026-06-16
AI Q&A
2026-03-25
EPSS Evaluated
2026-06-15
NVD
CVE-2026-32326
EUVD
EUVD-2026-15194
Affected Vendors & Products
Showing 8 associated CPEs
Vendor Product Version / Range
ntt_docomo home_5g_hr01 to 38JP_0_490 (inc)
ntt_docomo home_5g_hr02 to S5.A1.00 (inc)
ntt_docomo wi-fi_station_sh-52a to 38JP_2_03J (inc)
ntt_docomo wi-fi_station_sh-52b to S3.87.15 (inc)
ntt_docomo wi-fi_station_sh-54c to S6.64.00 (inc)
softbank 5g_mobile_router_sh-u01 to S4.48.00 (inc)
softbank pocket_wifi_5g_a503sh to S7.41.00 (inc)
kddi speed_wi-fi_5g_x01 to 3RJP_2_03I (inc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-306 The product does not perform any authentication for functionality that requires a provable user identity or consumes a significant amount of resources.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability affects certain SHARP routers used by NTT DOCOMO, SoftBank, and KDDI. Some web APIs on these routers do not require authentication, which allows unauthorized users to retrieve device information.

Since the initial administrative password of the device is partially based on this exposed device information, if the default password remains unchanged, attackers can potentially gain unauthorized access to the device.

Impact Analysis

[{'type': 'paragraph', 'content': 'The vulnerability can lead to unauthorized retrieval of sensitive device information through unauthenticated web APIs.'}, {'type': 'paragraph', 'content': "If the device's administrative password is left as the default initial password, attackers may take over the device, potentially compromising its security and functionality."}] [1, 2]

Compliance Impact

I don't know

Detection Guidance

[{'type': 'paragraph', 'content': 'This vulnerability involves certain SHARP routers whose web APIs do not require authentication, allowing unauthorized retrieval of device information. Detection involves checking if the device exposes such unauthenticated web APIs.'}, {'type': 'paragraph', 'content': "To detect this on your network or system, you can attempt to access the router's web API endpoints without authentication and observe if device information is returned."}, {'type': 'paragraph', 'content': "For example, you might use commands like curl or wget to query the router's API URLs and check for responses containing device information without providing credentials."}, {'type': 'list_item', 'content': 'curl http://[router_ip]/api/device_info'}, {'type': 'list_item', 'content': 'wget -qO- http://[router_ip]/api/device_info'}, {'type': 'paragraph', 'content': 'If these commands return device information without requiring authentication, the device is vulnerable.'}] [1, 2]

Mitigation Strategies

Immediate mitigation steps include updating the router firmware to the latest version that addresses this vulnerability.

If your device is one of the models for which firmware updates are no longer provided (such as Wi-Fi STATION SH-52A and Speed Wi-Fi 5G X01), you should manually change the default administrative password via the router’s web-based Settings Tool.

Additionally, ensure that the administrative password is not left as the initial default password to prevent unauthorized access.

For devices with automatic updates enabled, verify that the latest patches have been applied.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-32326. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart